Create successful ePaper yourself
Turn your PDF publications into a flip-book with our unique Google optimized e-Paper software.
TEAMFLY
Want to learn more?<br />
We hope you enjoy this McGraw-Hill eBook! If you’d like more<br />
information about this book, its author, or related books and websites,<br />
please click here.
SCHAUM’S<br />
OUTLINE OF<br />
Theory and Problems of<br />
SOFTWARE<br />
ENGINEERING
This page intentionally left blank.
Theory and Problems of<br />
SOFTWARE<br />
ENGINEERING<br />
DAVID A. GUSTAFSON<br />
Computing and Information Sciences Department<br />
Kansas State University<br />
Schaum’s <strong>Outline</strong> <strong>Series</strong><br />
McGRAW-HILL<br />
New York Chicago San Francisco Lisbon London Madrid Mexico City<br />
Milan New Delhi San Juan Seoul Singapore Sydney Toronto
McGraw-Hill<br />
abc<br />
Copyright © 2002 by The McGraw-Hill Companies,Inc. All rights reserved. Manufactured in the United States of America. Except as permitted<br />
under the United States Copyright Act of 1976, no part of this publication may be reproduced or distributed in any form or by any<br />
means, or stored in a database or retrieval system, without the prior written permission of the publisher.<br />
0-07-140620-4<br />
The material in this eBook also appears in the print version of this title:0-07-137794-8.<br />
All trademarks are trademarks of their respective owners. Rather than put a trademark symbol after every occurrence of a trademarked<br />
name, we use names in an editorial fashion only, and to the benefit of the trademark owner, with no intention of infringement of the<br />
trademark. Where such designations appear in this book, they have been printed with initial caps.<br />
McGraw-Hill eBooks are available at special quantity discounts to use as premiums and sales promotions, or for use in corporate training<br />
programs. For more information, please contact George Hoare, Special Sales, at george_hoare@mcgraw-hill.com or (212) 904-<br />
4069.<br />
TERMS OF USE<br />
This is a copyrighted work and The McGraw-Hill Companies, Inc. (“McGraw-Hill”) and its licensors reserve all rights in and to the<br />
work. Use of this work is subject to these terms. Except as permitted under the Copyright Act of 1976 and the right to store and retrieve<br />
one copy of the work, you may not decompile, disassemble, reverse engineer, reproduce, modify, create derivative works based upon,<br />
transmit, distribute, disseminate, sell, publish or sublicense the work or any part of it without McGraw-Hill’s prior consent. You may<br />
use the work for your own noncommercial and personal use; any other use of the work is strictly prohibited. Your right to use the work<br />
may be terminated if you fail to comply with these terms.<br />
THE WORK IS PROVIDED “AS IS”. McGRAW-HILL AND ITS LICENSORS MAKE NO GUARANTEES OR WARRANTIES AS<br />
TO THE ACCURACY, ADEQUACY OR COMPLETENESS OF OR RESULTS TO BE OBTAINED FROM USING THE WORK,<br />
INCLUDING ANY INFORMATION THAT CAN BE ACCESSED THROUGH THE WORK VIA HYPERLINK OR OTHERWISE,<br />
AND EXPRESSLY DISCLAIM ANY WARRANTY, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO IMPLIED<br />
WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. McGraw-Hill and its licensors do not<br />
warrant or guarantee that the functions contained in the work will meet your requirements or that its operation will be uninterrupted or<br />
error free. Neither McGraw-Hill nor its licensors shall be liable to you or anyone else for any inaccuracy, error or omission, regardless<br />
of cause, in the work or for any damages resulting therefrom. McGraw-Hill has no responsibility for the content of any information<br />
accessed through the work. Under no circumstances shall McGraw-Hill and/or its licensors be liable for any indirect, incidental, special,<br />
punitive, consequential or similar damages that result from the use of or inability to use the work, even if any of them has been<br />
advised of the possibility of such damages. This limitation of liability shall apply to any claim or cause whatsoever whether such claim<br />
or cause arises in contract, tort or otherwise.<br />
DOI: 10.1036/0071406204
Software Engineering is not just surveys of techniques and terminology; it includes<br />
techniques that students must master. This book is designed for college students<br />
taking courses in software engineering at the undergraduate and graduate level.<br />
During my 25+ years of teaching software engineering at both the undergraduate<br />
and graduate level, I have realized the need for solved examples and for guidance<br />
to help students with these techniques.<br />
This book is intended to be used in conjunction with a textbook or lecture notes<br />
on software engineering. The background and motivation for diagrams, notations<br />
and techniques are not included. Included are rules about proper construction of<br />
diagrams. Instructions on using techniques are given. Rules are included about<br />
applying techniques. Most important, examples and solved problems are given for<br />
diagrams, notations, and techniques.<br />
Writing this book was not a solitary effort. Many people have influenced this<br />
book. In particular, I wish to acknowledge the following: Karen, my wonderful<br />
wife, for all of her support and help in creating this book. Without her help, this<br />
book would not have been done. Steve, who took time from his PhD studies to<br />
critique many of the chapters. My students, who provided the original inspiration<br />
for writing this material and who have read these chapters as individual readings,<br />
have found mistakes, and have offered suggestions. I would like to thank Ramon,<br />
who suggested this book, and the McGraw-Hill editorial staff for their help and<br />
suggestions.<br />
DAVID A. GUSTAFSON<br />
Copyright 2002 The McGraw-Hill Companies, Inc. Click Here for Terms of Use.<br />
v
This page intentionally left blank.
For more information about this book, click here.<br />
CHAPTER 1 The Software Life Cycle 1<br />
1.1 Introduction 1<br />
1.2 Software Life Cycle Models 3<br />
CHAPTER 2 Software Process and Other Models 7<br />
2.1 The Software Process Model 7<br />
2.2 Data Flow Diagrams 9<br />
2.3 Petri Net Models 10<br />
2.4 Object Models 11<br />
2.5 Use Case Diagrams 14<br />
2.6 Scenarios 15<br />
2.7 Sequence Diagrams 15<br />
2.8 Hierarchy Diagrams 16<br />
2.9 Control Flow Graphs 16<br />
2.10 State Diagrams 17<br />
2.11 Lattice Models 19<br />
CHAPTER 3 Software Project Management 30<br />
3.1 Introduction 30<br />
3.2 Management Approaches 30<br />
3.3 TeamApproaches 31<br />
3.4 Critical Practices 32<br />
3.5 Capability Maturity Model 33<br />
3.6 Personal Software Process 34<br />
3.7 Earned Value Analysis 35<br />
3.8 Error Tracking 36<br />
3.9 Postmortem Reviews 37<br />
CHAPTER 4 Software Project Planning 47<br />
4.1 Project Planning 47<br />
Copyright 2002 The McGraw-Hill Companies, Inc. Click Here for Terms of Use.<br />
vii
viii<br />
CONTENTS<br />
4.2 WBS–Work Breakdown Structure 47<br />
4.3 PERT–ProgramEvaluation and Review<br />
Technique 50<br />
4.4 Software Cost Estimation 54<br />
CHAPTER 5 Software Metrics 72<br />
5.1 Introduction 72<br />
5.2 Software Measurement Theory 73<br />
5.3 Product Metrics 76<br />
5.4 Process Metrics 83<br />
5.5 The GQM Approach 83<br />
CHAPTER 6 Risk Analysis and Management 91<br />
6.1 Introduction 91<br />
6.2 Risk Identification 91<br />
6.3 Risk Estimation 92<br />
6.4 Risk Exposure 92<br />
6.5 Risk Mitigation 94<br />
6.6 Risk Management Plans 94<br />
CHAPTER 7 Software Quality Assurance 99<br />
7.1 Introduction 99<br />
7.2 Formal Inspections and Technical Reviews 99<br />
7.3 Software Reliability 101<br />
7.4 Statistical Quality Assurance 102<br />
CHAPTER 8 Requirements 112<br />
8.1 Introduction 112<br />
8.2 Object Model 112<br />
8.3 Data Flow Modeling 113<br />
8.4 Behavioral Modeling 114<br />
8.5 Data Dictionary 116<br />
8.6 SystemDiagrams 117<br />
8.7 IEEE Standard for Software Requirements<br />
Specification 118<br />
CHAPTER 9 Software Design 127<br />
9.1 Introduction 127<br />
9.2 Phases of the Design Process 128<br />
9.3 Design Concepts 130<br />
9.4 Measuring Cohesion 132<br />
9.5 Measuring Coupling 135<br />
9.6 Requirements Traceability 136<br />
CHAPTER 10 Software Testing 145<br />
10.1 Introduction 145
CONTENTS ix<br />
10.2 Software Testing Fundamentals 145<br />
10.3 Test Coverage Criterion 146<br />
10.4 Data Flow Testing 154<br />
10.5 RandomTesting 155<br />
10.6 Boundary Testing 157<br />
CHAPTER 11 Object-Oriented Development 169<br />
11.1 Introduction 169<br />
11.2 Identifying Objects 171<br />
11.3 Identifying Associations 175<br />
11.4 Identifying Multiplicities 178<br />
CHAPTER 12 Object-Oriented Metrics 183<br />
12.1 Introduction 183<br />
12.2 Metrics Suite for Object-Oriented Design 184<br />
12.3 The MOOD Metrics 189<br />
CHAPTER 13 Object-Oriented Testing 199<br />
13.1 Introduction 199<br />
13.2 MM Testing 200<br />
13.3 Function Pair Coverage 201<br />
CHAPTER 14 Formal Notations 208<br />
14.1 Introduction 208<br />
14.2 Formal Specifications 208<br />
14.3 Object Constraint Language (OCL) 210<br />
TEAMFLY<br />
INDEX 219
This page intentionally left blank.
SCHAUM’S<br />
OUTLINE OF<br />
Theory and Problems of<br />
SOFTWARE<br />
ENGINEERING
This page intentionally left blank.
The Software Life Cycle<br />
1.1 Introduction<br />
The software life cycle is the sequence of different activities that take place during<br />
software development. There are also different deliverables produced. Although<br />
deliverables can be agreements or evaluations, normally deliverables are objects,<br />
such as source code or user manuals. Usually, the activities and deliverables are<br />
closely related. Milestones are events that can be used for telling the status of the<br />
project. For example, the event of completing the user manual could be a milestone.<br />
For management purposes, milestones are essential because completion of<br />
milestones allow, the manager to assess the progress of the software development.<br />
1.1.1 TYPES OF SOFTWARE LIFE CYCLE ACTIVITIES<br />
1.1.1.1 Feasibility—Determining if the proposed development is worthwhile.<br />
Market analysis—Determining if there is a potential market for<br />
this product.<br />
1.1.1.2 Requirements—Determining what functionality the software<br />
should contain.<br />
Requirement elicitation—Obtaining the requirements from the<br />
user.<br />
Domain analysis—Determining what tasks and structures are<br />
common to this problem.<br />
1.1.1.3 Project planning—Determining how to develop the software.<br />
Cost analysis—Determining cost estimates.<br />
Scheduling—Building a schedule for the development.<br />
Software quality assurance—Determining activities that will help<br />
ensure quality of the product.<br />
Copyright 2002 The McGraw-Hill Companies, Inc. Click Here for Terms of Use.<br />
1
2<br />
Work-breakdown structure—Determining the subtasks necessary<br />
to develop the product.<br />
1.1.1.4 Design—Determining how the software should provide the functionality.<br />
Architectural design—Designing the structure of the system.<br />
Interface design—Specifying the interfaces between the parts of<br />
the system.<br />
Detailed design—Designing the algorithms for the individual<br />
parts.<br />
1.1.1.5 Implementation—Building the software.<br />
1.1.1.6 Testing—Executing the software with data to help ensure that the<br />
software works correctly.<br />
Unit testing—Testing by the original developer.<br />
Integration testing—Testing during the integration of the software.<br />
System testing—Testing the software in an environment that<br />
matches the operational environment.<br />
Alpha testing—Testing by the customer at the developer’s site.<br />
Beta testing—Testing by the customer at the customer’s site.<br />
Acceptance testing—Testing to satisfy the purchaser.<br />
Regression testing—Saving tests from the previous version to<br />
ensure that the new version retains the previous capabilities.<br />
1.1.1.7 Delivery—Providing the customer with an effective software solution.<br />
Installation—Making the software available at the customer’s<br />
operational site.<br />
Training—Teaching the users to use the software.<br />
Help desk—Answering questions of the user.<br />
1.1.1.8 Maintenance—Updating and improving the software to ensure<br />
continued usefulness.<br />
1.1.2TYPICAL DOCUMENTS<br />
CHAPTER 1 The Software Life Cycle<br />
1.1.2.1 Statement of work—Preliminary description of desired capabilities,<br />
often produced by the user.<br />
1.1.2.2 Software requirements specification—Describes what the finished<br />
software will do.<br />
Object model—Shows main objects/classes.
CHAPTER 1 The Software Life Cycle 3<br />
Use case scenarios—Show sequences of possible behaviors from<br />
the user’s viewpoint.<br />
1.1.2.3 Project schedule—Describes the order of tasks and estimates of<br />
time and effort necessary.<br />
1.1.2.4 Software test plan—Describes how the software will be tested to<br />
ensure proper behavior.<br />
Acceptance tests—Tests designated by the customer to determine<br />
acceptability of the system.<br />
1.1.2.5 Software design—Describes the structure of the software.<br />
Architectural design—The high-level structure with the interconnections.<br />
Detailed design—The design of low-level modules or objects.<br />
1.1.2.6 Software quality assurance plan (SQA plan)—Describes the activities<br />
that will be done to ensure quality.<br />
1.1.2.7 User manual—Describes how to use the finished software.<br />
1.1.2.8 Source code—The actual product code.<br />
1.1.2.9 Test report—Describes what tests were done and how the<br />
system behaved.<br />
1.1.2.10 Defect report—Describes dissatisfaction of the customer with<br />
specific behavior of the system; usually, these are software failures<br />
or errors.<br />
1.2Software Life Cycle Models<br />
The four different software life cycle models presented in the following sections are<br />
the most common software life cycle models.<br />
1.2.1 THE LINEAR SEQUENTIAL MODEL<br />
This model, shown in Fig. 1-1, is also called the waterfall model, since the typical<br />
diagram looks like a series of cascades. First described by Royce in 1970, it was the<br />
first realization of a standard sequence of tasks.<br />
There are many versions of the waterfall model. Although the specific development<br />
tasks will occur in almost every development, there are many ways to divide<br />
them into phases. Note that in this version of the waterfall, the project planning
4<br />
Feasibility<br />
Requirements<br />
activities are included in the requirements phase. Similarly, the delivery and maintenance<br />
phases have been left off.<br />
1.2.2 THE PROTOTYPING MODEL<br />
This software life cycle model builds a throwaway version (or prototype). This<br />
prototype is intended to test concepts and the requirements. The prototype will be<br />
used to demonstrate the proposed behavior to the customers. After agreement<br />
from the customer, then the software development usually follows the same phases<br />
as the linear sequential model. The effort spent on the prototype usually pays for<br />
itself by not developing unnecessary features.<br />
1.2.3 INCREMENTAL MODEL<br />
D. L. Parnas proposed the incremental model. 1 The goal was to design and deliver<br />
to the customer a minimal subset of the whole system that was still a useful system.<br />
The process will continue to iterate through the whole life cycle with additional<br />
minimal increments. The advantages include giving the customer a working system<br />
early and working increments.<br />
1.2.4 BOEHM’S SPIRAL MODEL<br />
CHAPTER 1 The Software Life Cycle<br />
Design<br />
Fig. 1-1. Waterfall model.<br />
Implementation<br />
Testing<br />
B. Boehm introduced the spiral model. 2 The image of the model is a spiral that<br />
starts in the middle and continually revisits the basic tasks of customer communication,<br />
planning, risk analysis, engineering, construction and release, and<br />
customer evaluation.<br />
1<br />
D. Parnas. ‘‘Designing Software for Ease of Extension and Contraction.’’ IEEE Transactions on Software<br />
Engineering (TOSE) 5:3, March 1979, 128–138.<br />
2<br />
B. Boehm.. ‘‘A Spiral Model for Software Development and Enhancement.’’ IEEE Computer. 21:5, May 1988,<br />
61–72.
CHAPTER 1 The Software Life Cycle 5<br />
Review Questions<br />
1. How does a phased life cycle model assist software management?<br />
2. What are two required characteristics of a milestone?<br />
3. For each of the following documents, indicate in which phase(s) of the software life<br />
cycle it is produced: final user manual, architectural design, SQA plan, module specification,<br />
source code, statement of work, test plan, preliminary user manual, detailed<br />
design, cost estimate, project plan, test report, documentation.<br />
4. Order the following tasks in terms of the waterfall model: acceptance testing, project<br />
planning, unit testing, requirements review, cost estimating, high-level design, market<br />
analysis, low-level design, systems testing, design review, implementation, requirement<br />
specification.<br />
5. Draw a diagram that represents an iterative life cycle model.<br />
Answers to Review Questions<br />
1. How does a phased life cycle model assist software management?<br />
The phased life cycle improves the visibility of the project. The project can be managed<br />
by using the phases as milestones. More detailed phases will allow closer monitoring of<br />
progress.<br />
2. What are the two required characteristics of a milestone?<br />
A milestone (1) must be related to progress in the software development and (2) must<br />
be obvious when it has been accomplished.<br />
3. Documents in the software life cycle:<br />
Final user manual Implementation phase<br />
Architectural design Design phase<br />
SQA plan Project planning phase<br />
Module specification Design phase<br />
Source code Implementation phase<br />
Statement of work Feasibility phase<br />
Test plan Requirements phase<br />
Preliminary user manual Requirements phase<br />
Detailed design Design phase<br />
Cost estimate Project planning phase<br />
Project plan Project planning phase
6<br />
Test report Testing phase<br />
Documentation Implementation phase<br />
4. Order of tasks:<br />
CHAPTER 1 The Software Life Cycle<br />
Market analysis<br />
Project planning, cost estimating, requirement specification (may be done concurrently)<br />
Requirements review<br />
High-level design<br />
Low-level design<br />
Design review<br />
Implementation<br />
Unit testing<br />
Systems testing<br />
Acceptance testing<br />
5. Draw a diagram that represents an iterative life cycle model. See Fig. 1-2.<br />
Time<br />
Req Design Imp Test Delivery<br />
Fig. 1-2. Iterative life cycle model.
Software Process and<br />
Other Models<br />
2.1 The Software Process Model<br />
A software process model (SPM) describes the processes that are done to achieve<br />
software development. A software process model usually includes the following:<br />
Tasks<br />
Artifacts (files, data, etc.)<br />
Actors<br />
Decisions (optional)<br />
TEAMFLY<br />
The notations used can vary. The standard software process model uses ovals<br />
for tasks and processes. The artifacts are represented by rectangles and the actors<br />
by stick figures. Many software process models do not include decisions. We will<br />
use diamonds whenever we show decisions. The flow is shown by arcs and is<br />
usually left-to-right and top-down. Arcs are normally not labeled.<br />
The following are rules and interpretations for correct process models:<br />
Two tasks cannot be connected by an arc. Tasks must be separated by artifacts.<br />
A task is not executable until its input artifacts exist.<br />
There are one or more start tasks and one or more terminal tasks.<br />
All tasks must be reachable from the start task.<br />
There is a path from every task to the terminal task.<br />
Software process models can be descriptive; that is, they can describe what has<br />
happened in a development project. The descriptive model is often created as part<br />
of a postmortem analysis of a project. This can be useful in terms of identifying<br />
problems in the software development process. Or, software process models can be<br />
Copyright 2002 The McGraw-Hill Companies, Inc. Click Here for Terms of Use.<br />
7
8<br />
Source<br />
code<br />
Test<br />
plan<br />
CHAPTER 2 Software Process and Other Models<br />
prescriptive; that is, the software process model can describe what is supposed to<br />
happen. Prescriptive software process models can be used to describe the standard<br />
software development process. These can be used as training tools for new hires,<br />
for reference for uncommon occurrences, and for documenting what is supposed<br />
to be happening.<br />
EXAMPLE 2.1<br />
Figure 2-1 is a process model for unit testing software. There are two actors: the<br />
tester and the team leader. The unit tester, of course, is responsible for the unit<br />
testing. The unit tester uses the source code and the test plan to accomplish the<br />
unit testing. The result of this activity is an artifact, the test results. The team<br />
leader reviews the test results, and the result of this activity should be the approval<br />
of the unit testing. This model does not explicitly show what happens when the<br />
process is not successful. It could be inferred that the unit tester keeps testing until<br />
he or she is happy. Similarly, if the team leader is not ready to give the approval,<br />
then the process may be backed up to redo the unit testing.<br />
Source<br />
code<br />
Test<br />
plan<br />
Unit tester<br />
Unit<br />
testing<br />
Test<br />
results<br />
Team leader<br />
Test<br />
review<br />
Fig. 2-1. Process diagram for unit testing.<br />
Approval<br />
EXAMPLE 2.2<br />
Draw the process model showing decisions.<br />
Adding decisions allows the process model to be more explicit about what happens<br />
in all circumstances, as shown in Fig. 2-2.<br />
Unit tester<br />
Unit<br />
testing<br />
Test<br />
results<br />
Team leader<br />
Test<br />
review<br />
Fig. 2-2. Process model with decisions.<br />
OK<br />
?<br />
No<br />
Yes<br />
Approval
CHAPTER 2 Software Process and Other Models 9<br />
2.2 Data Flow Diagrams<br />
One of the most basic diagrams in software development is the data flow diagram.<br />
A data flow diagram shows the flow of the data among a set of components. The<br />
components may be tasks, software components, or even abstractions of the<br />
functionality that will be included in the software system. The actors are not<br />
included in the data flow diagram. The sequence of actions can often be inferred<br />
from the sequence of activity boxes.<br />
The following are rules and interpretations for correct data flow diagrams:<br />
1. Boxes are processes and must be verb phrases.<br />
2. Arcs represent data and must be labeled with noun phrases.<br />
3. Control is not shown. Some sequencing may be inferred from the ordering.<br />
4. A process may be a one-time activity, or it may imply a continuous<br />
processing.<br />
5. Two arcs coming out a boxmay indicate that both outputs are produced<br />
or that one or the other is produced.<br />
EXAMPLE 2.3<br />
The unit testing example from the previous section can be depicted as a data flow<br />
diagram, as shown in Fig. 2-3.<br />
Source<br />
code<br />
Test<br />
plan<br />
Execute<br />
unit tests<br />
Test<br />
results Review<br />
test<br />
results<br />
Review<br />
decision<br />
Fig. 2-3. Data flow for unit testing.<br />
Figure 2-3 illustrates some of the rules. The phrases within the boxes are verb<br />
phrases. They represent actions. Each arrow/line is labeled with a noun phrase<br />
that represents some artifact.<br />
The data flow diagram does not show decisions explicitly. The example shows<br />
that the results of testing can influence further testing and that the results of the<br />
test review action can also affect the testing (or retesting).<br />
EXAMPLE 2.4<br />
The calculation of the mathematical formula ðx þ yÞ ðw þ zÞ can be shown as a<br />
sequence of operations, as shown in Fig. 2-4:
10<br />
2.3 Petri Net Models<br />
CHAPTER 2 Software Process and Other Models<br />
y<br />
x<br />
w<br />
z<br />
Sum<br />
Sum<br />
Sum 1<br />
Sum 2<br />
Multiply<br />
The basic petri net model consists of condition nodes, arcs, event nodes, and<br />
tokens. If the input condition nodes for an event node all have tokens, then<br />
the event can fire, the tokens are removed from the input nodes, and tokens<br />
are placed on all of the output nodes of the firing position. The condition nodes<br />
are usually represented by circles and the event nodes by horizontal lines or<br />
rectangles.<br />
In a petri net model, the condition nodes usually represent some required<br />
condition—for instance, the existence of a test plan. A token at the condition<br />
means that the condition is met. An event node (the horizontal line) represents<br />
an event that can happen (fire) when all the requirements are met (tokens in all the<br />
condition nodes). Tokens are then placed at all the condition nodes that follow the<br />
event.<br />
EXAMPLE 2.5<br />
A petri net model of testing is shown in Fig. 2-5.<br />
OK<br />
SRC<br />
Approval<br />
Results<br />
Approve<br />
Fig. 2-4<br />
Test plan<br />
Unit testing<br />
Not okay<br />
Fig. 2-5. Petri net model.<br />
Answer<br />
Disapprove<br />
There are a number of different variations on the basic petri net model.
CHAPTER 2 Software Process and Other Models 11<br />
2.4 Object Models<br />
In object-oriented development (Chapter 11), both the problem in the problem<br />
domain and the solution in the machine space are described in terms of objects. In<br />
the solution, these objects normally become classes. As the requirements and<br />
design phases of software development progress, the objects switch from being<br />
representations of the things in the problem domain to being programming structures<br />
in the software.<br />
Object models represent entities and relationships between entities. Each box<br />
represents a type of object, and the name, attributes, and the methods of the object<br />
are listed inside the box. The top section of the box is for the name of the object,<br />
the second section is for the attributes, and the bottom section is for the methods.<br />
An arc between two objects represents a relationship between the objects. Arcs<br />
may be labeled in the center with a name of the association. The roles may be<br />
labeled at the opposite end. Also, at each end a multiplicity may be given indicating<br />
how many different associations of the same kind are allowed.<br />
The three major types of relationships are (1) inheritance, (2) aggregation, and<br />
(3) association. An inheritance relationship implies that the object at the bottom of<br />
the arc is a special case of the object at the top of the arc. For example, the top<br />
object might be a vehicle and the bottom object a car, which is a kind of vehicle.<br />
This is often called an ‘‘is-a’’ relationship. An aggregation relationship implies that<br />
the object at the bottom of the arc is a component of the object at the top of the<br />
arc. For example, the top object might be a car and the bottom object might be the<br />
engine. This is often called a ‘‘part-of’’ relationship. The final type of relationship<br />
is an association, and this arc implies that somehow one of the objects is associated<br />
with the other object. For example, a ‘‘father-son’’ relationship is an association.<br />
This relationship may be two-way, or it might only be one-way.<br />
Although there are many different notations, we will use a notation compatible<br />
with the Unified Modeling Language (UML) standard. 1<br />
EXAMPLE 2.6<br />
Construct an object model for a library. The objects in the simple library shown in<br />
Fig. 2.6 consist of the library, books, copies of books, and patrons.<br />
None of the methods of the objects are shown. The library has an aggregation<br />
relationship with book and with patron. That is, the library is really made up of<br />
books and patrons. The relationship between book and copy is neither<br />
aggregation nor inheritance. The object book represents the abstraction of a book,<br />
while the copy is the physical item that is loaned out. The relationship between<br />
patron and copy is called ‘‘loan.’’ From the view of copy, the role is ‘‘checked out<br />
by’’ and from patron the role is ‘‘checkout.’’ The multiplicities indicate that a copy<br />
can either not be checked out or can have this relationship with only one patron at<br />
a time (‘‘0.1’’). The other multiplicity, ‘‘0.*’’, indicates that a patron can have zero or<br />
one or many relationships of ‘‘checkout’’ at a time.<br />
1 See www.omg.org or www.rational.com or search for UML with your browser.
12<br />
CHAPTER 2 Software Process and Other Models<br />
patron<br />
name<br />
address<br />
0..1 checked out by<br />
loan<br />
0..*<br />
checked out<br />
library<br />
copy<br />
status<br />
EXAMPLE 2.7<br />
Construct an object model for a family-tree system that stores genealogical<br />
information about family members.<br />
Figure 2-7 indicates that everyone has a birthfamily. Every marriage has a father<br />
person and a mother person. Many attributes have been left off the diagram, and<br />
no functions are shown.<br />
marriages<br />
family<br />
2.4.1 EXISTENCE DEPENDENCY 2<br />
book<br />
title<br />
author<br />
Fig. 2-6. Object model of simple library.<br />
1 birthfamily<br />
0..*<br />
marriage<br />
0..*<br />
marriage<br />
family-tree<br />
child<br />
0..*<br />
father 1<br />
mother 1<br />
Fig. 2-7. Family-tree object model<br />
people<br />
person<br />
One approach to clarifying the relationships is to introduce a different relationship<br />
called existence dependency (ED). Existence dependency relationships are defined<br />
as follows: A class (parent) can be associated with a lower class (child) if the lower<br />
(child) class only exists when the upper (parent) class exists and each instance of the<br />
lower (child) class is associated with exactly one instance of the upper (parent) class.<br />
This relationship and inheritance can be used to represent any problem domain.<br />
2 Snoeck and Dedene. ‘‘Existence Dependency: The Key to Semantic Integrity between Structural and<br />
Behavioral Aspects of Object Types.’’ IEEE TOSE, April 1998.
CHAPTER 2 Software Process and Other Models 13<br />
EXAMPLE 2.8<br />
Construct an object model for a library using the existence dependency<br />
relationships.<br />
As shown in Fig. 2-6 in example 2.6, all the relationships except ‘‘loan’’ and<br />
library-booksatisfy the requirements of existence dependency. The relationship<br />
‘‘loan’’ does not satisfy it, since a copy object can exist before the existence of the<br />
patron object that is checking it out. However, a loan object can be created that<br />
does satisfy the ED relationship. The object ‘‘book’’ cannot be a child of library,<br />
since books can exist before and after a specific library. ‘‘Person’’ is added to the<br />
diagram (see Fig. 2-8) to show the part of the patron that is not existencedependent<br />
on ‘‘library.’’<br />
2.4.2 INSTANCE DIAGRAMS<br />
person<br />
library<br />
book<br />
name<br />
title<br />
address<br />
author<br />
book<br />
patron<br />
pnumber<br />
check<br />
out<br />
loan<br />
loan<br />
status<br />
checked<br />
out<br />
Object diagrams represent types of objects. Thus, a boxlabeled ‘‘car’’<br />
represents the attributes and functions of all cars. Sometimes the relationships<br />
between instances of objects are not very clear in an object diagram. An<br />
instance diagram shows example instances of objects and may clarify the<br />
relationships.<br />
copy<br />
status<br />
Fig. 2-8. Library object model using ED.<br />
EXAMPLE 2.9<br />
Draw an instance model showing Fred, his wife Sue, their children Bill, Tom, and<br />
Mary, and his parents Mike and Jean. (See Fig. 2-9.)
14<br />
2.5 Use Case Diagrams<br />
CHAPTER 2 Software Process and Other Models<br />
Mike’s birthfamily<br />
Jean’s birthfamily<br />
Mike & Jean<br />
Fred & Sue<br />
Sue’s birthfamily<br />
Fred’s family tree<br />
child<br />
father<br />
child<br />
mother<br />
child<br />
father<br />
mother<br />
A use case diagram is part of the UML set of diagrams. It shows the important<br />
actors and functionality of a system. Actors are represented by stick figures and<br />
functions by ovals. Actors are associated with functions they can perform.<br />
Mike<br />
Jean<br />
EXAMPLE 2.10<br />
Draw a use case diagram for the simple library. (See Fig. 2-10.)<br />
The functions in the ovals are methods of the classes in the object model. The<br />
patron object can borrow and return copies. The librarian actor is not an object on<br />
the object model. The librarian in the use case shows that some functions—for<br />
instance, catalog and shelve books—are not functions available to the patron.<br />
child<br />
child<br />
child<br />
child<br />
Fred<br />
Sue<br />
Bill<br />
Tom<br />
Mary<br />
Fig. 2-9. Instance diagram of Fred’s family tree.<br />
Catalog<br />
books<br />
Shelve<br />
books<br />
Patron Librarian<br />
Borrow<br />
Return<br />
Fig. 2-10. Use case for simple library.
CHAPTER 2 Software Process and Other Models 15<br />
A scenario is a description of one sequence of actions that could occur in this<br />
problem domain.<br />
EXAMPLE 2.11<br />
Write a scenario for the library problem.<br />
Fred, a patron, goes to the library and checks out a book. Two months later, he<br />
brings the overdue library bookbackto the library.<br />
2.6 Scenarios<br />
2.7 Sequence Diagrams<br />
A sequence diagram is part of the UML set of diagrams. The diagram has vertical<br />
lines, which represent instances of classes. Each vertical line is labeled at the top<br />
with the class name followed by a colon followed by the instance name. For<br />
example, the first line is labeled with lib:main for the instance main of the<br />
class library. Horizontal arrows depict function calls. The tail of the arrow is<br />
on the line of the calling class, and the head of the arrow is on the line of the called<br />
class. The name of the function is on the arrow. The wide block on the vertical line<br />
shows the execution time of the called function. Returns are normally not shown.<br />
Multiple calls to the same function are often shown as just one arrow.<br />
EXAMPLE 2.12<br />
Draw a sequence diagram for the scenario of Example 2.11. (See Fig. 2-11.)<br />
lib : main<br />
checkout<br />
return<br />
patron : fred book : novel copy : 1<br />
checkout<br />
chg status<br />
checkin<br />
chg status<br />
Fig. 2-11. Sequence diagram for checkout scenario.<br />
This diagram is much closer to the design phase than the object model presented<br />
in Example 2.8. There are functions used in this diagram that are not represented<br />
in the earlier object model. Also, the sequence of calls represented in this diagram<br />
is dependent on the actual design.
16<br />
2.8 Hierarchy Diagrams<br />
A hierarchy diagram shows the calling structure of a system. Each boxrepresents a<br />
function. A line is drawn from one function to another function if the first function<br />
can call the second function. All possible calls are shown.<br />
It is not one of the UML set of diagrams and is often not used in objectoriented<br />
development. However, it can be a very useful diagram to understand<br />
the dynamic structure of a system.<br />
EXAMPLE 2.13<br />
Draw a hierarchy diagram for the library program used in Example 2.12. (See Fig.<br />
2-12.)<br />
2.9 Control Flow Graphs<br />
CHAPTER 2 Software Process and Other Models<br />
library::checkout<br />
copy::checkout<br />
book::chg status<br />
patron::checkout<br />
Fig. 2-12. Hierarchy diagram.<br />
A control flow graph (CFG) shows the control structure of code. Each node (circle)<br />
represents a block of code that has only one way through the code. That is, there is<br />
one entrance at the beginning of the block and one exit at the end. If any statement<br />
in the block is executed, then all statements in the block are executed. Arcs<br />
between nodes represent possible flows of control. That is, if it is possible that<br />
block B is executed, right after block A, then there must be an arc from block A to<br />
block B.<br />
The following are rules for correct control flow diagrams:<br />
1. There must be one start node.<br />
2. From the start node, there must be a path to each node.<br />
3. From each node, there must be a path to a halt node.
CHAPTER 2 Software Process and Other Models 17<br />
EXAMPLE 2.14<br />
Draw a control flow graph for the following triangle problem.<br />
read x,y,z;<br />
type = ‘‘scalene’’;<br />
if (x == y or x == z or y == z) type =’’isosceles’’;<br />
if (x == y and x == z) type =’’equilateral’’;<br />
if (x >= y+z or y >= x+z or z >= x+y) type =’’not a triangle’’;<br />
if (x
18<br />
CHAPTER 2 Software Process and Other Models<br />
The following are rules for correct state diagrams:<br />
1. There is one initial state.<br />
2. Every state can be reached from the initial state.<br />
3. From each state, there must be a path to a stop state.<br />
4. Every transition between states must be labeled with an event that will<br />
cause that transition.<br />
EXAMPLE 2.15<br />
Draw a state diagram for a fixed-size stack. (See Fig. 2-14.)<br />
push<br />
new<br />
push<br />
push<br />
empty normal full<br />
pop pop<br />
pop<br />
Fig. 2-14. State diagram for a fixed-size stack.<br />
There are two approaches to state diagrams. In Fig. 2-14, only legal or nonerror<br />
transitions are specified. It is assumed that any transition that is not shown is<br />
illegal. For example, there is no push transition from the full state. Another<br />
approach is to show all transitions, including transitions that cause errors.<br />
EXAMPLE 2.16<br />
Draw a state diagram for a stackwith all the error transitions shown. (See Fig.<br />
2-15.)<br />
new<br />
push<br />
push-error msg<br />
push<br />
push<br />
empty normal full<br />
pop pop<br />
pop-error msg<br />
pop<br />
Fig. 2-15. State diagrams showing error transitions.<br />
State diagrams can be drawn directly from source code. Each function must be<br />
examined for decisions that are based on the values of variables (the state of the<br />
system).
CHAPTER 2 Software Process and Other Models 19<br />
EXAMPLE 2.17<br />
The following code is for a push method on a finite stack:<br />
int push(int item) {<br />
if (stackindex == MAX) {return ERROR;}<br />
stack[stackindex++] = item;<br />
return 0;<br />
}<br />
From this code, two states with different behavior of the function can be identified.<br />
Note that the stackindex starts at zero. One state is related to the condition<br />
stackindex == MAX, and the other state is related to the condition<br />
stackindex != MAX. Analysis of the increment will show that the second state is<br />
stackindex < MAX (at least from this method). Analyzing the pop method will<br />
reveal the empty state of the stack.<br />
2.11 Lattice Models<br />
A lattice is a mathematical structure that shows set relationships. Although not<br />
used in software development very often, it is being used more to show the<br />
relationships between sets of functions and attributes.<br />
EXAMPLE 2.18<br />
Draw a lattice model for a stackimplementation that has attributes for an array<br />
(s-array) and the index of the top element of the stack(index) and methods to<br />
push, pop, val (displays top value), and depth. (See Fig. 2-16.)<br />
pop, depth<br />
s-array<br />
index<br />
index s-array<br />
(empty)<br />
push, val<br />
Fig. 2-16. Lattice model for stack example.<br />
The top node represents the set of all the attributes and the bottom node the<br />
empty set. The nodes are annotated with the names of the functions that use that<br />
subset of the attributes.
20<br />
CHAPTER 2 Software Process and Other Models<br />
Review Questions<br />
1. What are the differences between a software life cycle model and a process model?<br />
2. What is the difference between a descriptive process model and a prescriptive process<br />
model?<br />
3. Why are decisions more common in prescriptive process models than in descriptive<br />
process models?<br />
4. Why should tasks in a process model be separated by an artifact?<br />
5. Why can’t a task in a process model start until its input artifacts exist?<br />
6. Why does every node in a process model have to have a path from the start node to<br />
itself and a path from itself to a terminal node?<br />
7. In Example 2.3, how can a person distinguish between a test review that only occurs<br />
after all the unit testing was complete and a test review that occurs after each module<br />
has been unit tested?<br />
8. What do data flow diagrams specify about control flow?<br />
9. When does a petri net firing position fire?<br />
10. What happens when a petri net firing position fires?<br />
11. What is the difference between the problem domain and the solution space?<br />
12. What changes in an object model from requirements to design?<br />
13. Classify each of the following relationships as either an inheritance relationship, an<br />
aggregation relationship, or a general association:<br />
Car—Lincoln Town car<br />
Person—Student<br />
Library—Library patron<br />
Book—Copy<br />
Car—Driver<br />
Patron—Book loan<br />
Class—Students<br />
14. Classify each of the following as a class or an instance of a class:<br />
My automobile<br />
Person<br />
Fred<br />
Vehicle<br />
Professor<br />
The CIS department<br />
15. What is the relationship between a scenario and a state diagram showing all possible<br />
sequences of actions?<br />
16. In an interaction diagram, is the calling class or the called class at the head of the<br />
arrow?<br />
17. Explain why the aggregation relation is a relation in the problem domain and not in<br />
the implementation domain.<br />
18. Why don’t data flow diagrams have rules about reachability between the nodes?
CHAPTER 2 Software Process and Other Models 21<br />
Problems<br />
1. Draw a process model for the task of painting the walls in a room. Include the<br />
following tasks: choose color, buy paint, clean the walls, stir the paint, paint the<br />
wall.<br />
2. The author uses interactive sessions when he teaches a course that includes distance<br />
learning students. The author divides the students into teams and posts a problem on<br />
the Web page. The teams work on the problem using chat rooms, ask questions of the<br />
instructor using a message board, and submit the solution via email. The instructor<br />
then grades the solutions using a grading sheet. Draw a process model for the interactive<br />
sessions.<br />
3. Draw a data flow diagram for the simple library problem.<br />
4. Draw a data flow diagram for a factory problem.<br />
5. Draw a data flow diagram for a grocery store problem.<br />
6. Draw an object model for a binary tree.<br />
7. Draw an instance diagram of the binary tree object model.<br />
8. Draw an object model for the grocery store problem.<br />
9. Draw an object model for the factory problem.<br />
10. Write additional scenarios for the patron checking out books from Example 2.11.<br />
11. Draw a state diagram for a graphical user interface that has a main menu, a file menu<br />
with a file open command, and quit commands at each menu. Assume that only one<br />
file can be open at a time.<br />
12. Extend the object model shown in Fig. 2-17 for the library problem to include a<br />
reservation object so patrons can reserve a book that has all copies checked out.<br />
patron<br />
name<br />
address<br />
loan<br />
loan status<br />
library<br />
book<br />
title<br />
author<br />
13. Build a state machine for the library problem with the ability to reserve books.<br />
book<br />
copy<br />
copy status<br />
Fig. 2-17. Library problem object model.
22<br />
CHAPTER 2 Software Process and Other Models<br />
Answers to Review Questions<br />
1. What are the differences between a software life cycle model and a process model?<br />
A software life cycle (SLC) model shows the major phases and the major deliverables,<br />
while a process model depicts the low-level tasks, the artifacts needed and produced,<br />
and the actors responsible for each low-level task.<br />
2. What is the difference between a descriptive process model and a prescriptive process<br />
model?<br />
A descriptive process model describes what has happened in a software development.<br />
It is often developed as the result of a postmortem analysis. A prescriptive model<br />
describes what should be done during software development, including responses to<br />
error situations.<br />
3. Why are decisions more common in prescriptive process models than in descriptive<br />
process models?<br />
Decisions are more common in prescriptive process models because a prescriptive<br />
process model is trying to cover what is done in alternative situations. Thus, it may<br />
need to specify the decision that is used to decide what to do next. A descriptive<br />
process model describes what happened, and alternative actions are usually not<br />
included.<br />
4. Why should tasks in a process model be separated by an artifact?<br />
If one process follows another process, some information or document from the first<br />
process is needed by the second. If this were not true, then the two processes would be<br />
independent of each other and one would not follow the other. This information or<br />
document should be identified and documented.<br />
5. Why can’t a task in a process model start until its input artifacts exist?<br />
If one process depends on information from another, this second process cannot start<br />
until the first process is finished. Some other process notations allow concurrency<br />
between two tasks, where the first process has to start before the second process starts<br />
and the second process has to finish after the first process finishes.<br />
6. Why does every node in a process model have to have a path from the start node to<br />
itself and a path from itself to a terminal node?<br />
If there is not a path from a start node to every node, then some nodes in the process<br />
model are never reachable and can be eliminated. If there is not a path from the<br />
current node to the terminal node, then there is an infinite loop. Neither of these<br />
situations is desirable and they need to be investigated.<br />
7. In Example 2.3, how can a person distinguish between a test review that only occurs<br />
after all the unit testing was complete and a test review that occurs after each module<br />
has been unit tested?
CHAPTER 2 Software Process and Other Models 23<br />
The label on the test results arrow implies that the output from the unit testing module<br />
has the results of more than one execution. Thus, it implies that the test review occurs<br />
only after multiple units are tested.<br />
8. What do data flow diagrams specify about control flow?<br />
Data flow diagrams do not specify control flow. Some sequence information may be<br />
inferred but nothing else.<br />
9. When does a petri net firing position fire?<br />
A petri net firing position fires when there is a token on every input node of the firing<br />
position.<br />
10. What happens when a petri net firing position fires?<br />
A token is placed on every output node of the firing position.<br />
11. What is the difference between the problem domain and the solution space?<br />
The problem domain is part of the real world and consists of entities that exist in the<br />
real world. The solution space consists of software entities in the implementation of the<br />
solution.<br />
12. What changes in an object model from requirements to design?<br />
Initially, the objects are entities in the problem domain. As the development moves<br />
into the design phase, those objects become entities in the solution space.<br />
13. Classify each of the following relationships as either an inheritance relationship, an<br />
aggregation relationship, or a general association:<br />
Car—Lincoln town car Inheritance<br />
Person—Student Inheritance<br />
Library—Library patron Aggregation<br />
Book—Copy General association<br />
Car—Driver General association<br />
Patron—Book loan General association<br />
Class—Students Aggregation<br />
14. Classify each of the following as a class or an instance of a class:<br />
My automobile Instance<br />
Person Class<br />
Fred Instance<br />
Vehicle Class<br />
Professor Class<br />
The CIS department Instance<br />
15. What is the relationship between a scenario and a state diagram showing all possible<br />
sequences of actions?<br />
The scenario would be just one path through part or all of the state diagram.<br />
16. In an interaction diagram, is the calling class or the called class at the head of the<br />
arrow?
24<br />
The called class is at the head of the arrow. The function on the arrow must be a<br />
function of the class at the head of arrow.<br />
17. Explain why the aggregation relation is a relation in the problem domain and not in<br />
the implementation domain.<br />
There is no difference in the implementation of an aggregation relation and other<br />
association relations. In fact, it can be hard to decide if some relations are really<br />
aggregations or not. For example, it is obvious that a car is an aggregation of the<br />
car’s parts. However, it is not obvious whether a store should be considered an aggregation<br />
of customers.<br />
18. Why don’t data flow diagrams have rules about reachability between the nodes?<br />
Data flow diagrams do not show control. Thus, two processes may not be linked in a<br />
data flow diagram. If each process uses different input data and produces different<br />
output data, and no output from one is used as an input for the other, there will not be<br />
an arc between them.<br />
Answers to Problems<br />
1. Draw a process model for the task of painting the walls in a room. Include the<br />
following tasks: choose color, buy paint, clean the walls, stir the paint, and paint<br />
the wall.<br />
See Fig. 2-18.<br />
CHAPTER 2 Software Process and Other Models<br />
Choose<br />
color<br />
Clean<br />
walls<br />
Color<br />
choice<br />
Cleaned<br />
walls<br />
Buy<br />
paint<br />
Paint<br />
walls<br />
Fig. 2-18. Process model from painting walls.<br />
Correct<br />
paint<br />
Stirred<br />
paint<br />
Painted<br />
walls<br />
Stir<br />
paint<br />
2. The author uses interactive sessions when he teaches a course that includes distance<br />
learning students. The author divides the students into teams and posts a problem on
CHAPTER 2 Software Process and Other Models 25<br />
the Web page. The teams work on the problem using chat rooms, ask questions of the<br />
instructor using a message board, and submit the solution via email. The instructor<br />
then grades the solutions using a grading sheet. Draw a process model for the interactive<br />
sessions.<br />
See Fig. 2-19.<br />
Instructor<br />
Class list<br />
Class goals<br />
Grading sheet<br />
Answer<br />
questions<br />
Ask<br />
questions<br />
3. Draw a data flow diagram for the simple library problem.<br />
See Fig. 2-20.<br />
Create<br />
teams<br />
Create<br />
task<br />
Create<br />
grading<br />
sheet<br />
IS<br />
info<br />
Task<br />
statement<br />
Message<br />
board<br />
Team<br />
list<br />
Task<br />
statement<br />
Grading<br />
sheet<br />
Prepare<br />
Draft<br />
answer<br />
IS<br />
info<br />
Process model for preparing for interactive session.<br />
Instructor<br />
Send<br />
participation<br />
msg before<br />
7:15<br />
Student<br />
Submit<br />
answer by<br />
10:15<br />
dag’s<br />
email<br />
Process model for tasks during the interactive session.<br />
Fig. 2-19<br />
Team<br />
members<br />
& TL<br />
Chat room<br />
Preinteractive<br />
session activities<br />
TL<br />
Activities<br />
during interactive<br />
session
26<br />
new book<br />
4. Draw a data flow diagram for a factory problem.<br />
request<br />
See Fig. 2-21.<br />
5. Draw a data flow diagram for a grocery store.<br />
grocery<br />
list<br />
materials<br />
See Fig. 2-22.<br />
weekly<br />
order<br />
6. Draw an object model for a binary tree.<br />
See Fig. 2-23.<br />
CHAPTER 2 Software Process and Other Models<br />
catalog<br />
book<br />
book<br />
shelve<br />
book<br />
on shelf<br />
check out<br />
book<br />
checked in book<br />
Fig. 2-20. Data flow diagram for library problem.<br />
order<br />
take an order make schedule<br />
build product<br />
schedule<br />
product<br />
Fig. 2-21. Factory problem data flow diagram.<br />
select items<br />
identify needs<br />
unload<br />
delivery<br />
items<br />
sales data<br />
borrowed<br />
book<br />
fill order<br />
return<br />
book<br />
full cart groceries<br />
check out<br />
weekly needs order<br />
call supplier<br />
stock shelves<br />
Fig. 2-22. Grocery store data flow diagram.<br />
node<br />
nval* val<br />
node* left<br />
node* right<br />
btree<br />
node* tnode<br />
addnode()<br />
printree()<br />
nval<br />
int value<br />
Fig. 2-23 Binary tree object model.<br />
filled<br />
shelves order<br />
filled order
CHAPTER 2 Software Process and Other Models 27<br />
7. Draw an instance diagram of the binary tree object model.<br />
See Fig. 2-24.<br />
nval<br />
20<br />
btree<br />
8. Draw an object model for the grocery store problem.<br />
See Fig. 2-25.<br />
9. Draw an object model for the factory problem.<br />
See Fig. 2-26.<br />
node<br />
val<br />
left<br />
right<br />
customer<br />
customer<br />
supplier<br />
node<br />
val<br />
left<br />
right<br />
node<br />
val<br />
left<br />
right<br />
node<br />
val<br />
left<br />
right<br />
nval<br />
30<br />
nval<br />
13<br />
nval<br />
10<br />
Fig. 2-24. Instance diagram for binary tree.<br />
grocery store<br />
item<br />
upc code<br />
price<br />
quantity<br />
Fig. 2-25. Grocery store problem object model.<br />
order<br />
factory<br />
node<br />
val<br />
left<br />
right<br />
sale<br />
upc<br />
quantity<br />
TEAMFLY<br />
schedule<br />
Fig. 2-26. Factory object model.<br />
product<br />
nval<br />
12
28<br />
10. Write additional scenarios for the patron checking out books from Example 2.11.<br />
Fred goes to the library and cannot find a book to check out.<br />
Fred goes to the library and checks out two books. Then he goes back to the library<br />
and checks out three more books. Fred returns the second three books on time. Fred<br />
returns the first two books late.<br />
11. Draw a state diagram for a graphical user interface that has a main menu, a file menu<br />
with a file open command, and quit commands at each menu. Assume that only one<br />
file can be open at a time.<br />
See Fig. 2-27.<br />
Note that ‘‘close file’’ was not mentioned in the problem spec but a transition out of<br />
the ‘‘file open’’ state is required.<br />
12. Extend the following object model for the library problem to include a reservation<br />
object so patrons can reserve a book that has all copies checked out.<br />
See Fig. 2-28.<br />
13. Build a state machine for the library problem with the ability to reserve books.<br />
See Fig. 2-29.<br />
CHAPTER 2 Software Process and Other Models<br />
quit<br />
enter<br />
main<br />
menu<br />
patron<br />
name<br />
address<br />
quit<br />
open file<br />
not found<br />
file open file<br />
end<br />
file<br />
menu<br />
Fig. 2-27. State diagram for GUI.<br />
loan<br />
loan status<br />
library<br />
reservation<br />
book<br />
title<br />
author<br />
book<br />
close file<br />
copy<br />
copy status<br />
Fig. 2-28. Library object model.<br />
file<br />
open
CHAPTER 2 Software Process and Other Models 29<br />
on reshelve<br />
rack<br />
returned late<br />
overdue<br />
put on shelf<br />
put on reserved<br />
not claimed<br />
returned<br />
overdue<br />
reserved<br />
checked out<br />
Fig. 2-29. State machine for library problem.<br />
claimed<br />
available<br />
check out
Software Project<br />
Management<br />
3.1 Introduction<br />
30<br />
Although the word ‘‘manager’’ may remind many of us of the manager in the<br />
‘‘Dilbert’’ comic strip, management is important. Software project management is<br />
the important task of planning, directing, motivating, and coordinating a group of<br />
professionals to accomplish software development. Software project management<br />
uses many concepts from management in general, but it also has some concerns<br />
unique to software development. One such concern is project visibility.<br />
The lack of visibility of the software product during software development<br />
makes it hard to manage. In many other fields, it is easy to see progress or lack<br />
of progress. Many software projects get stalled at 90 percent complete. Ask any<br />
programmer if that bug that he or she found is the last bug in the software, and the<br />
answer will almost always be an emphatic yes. Many of the techniques in software<br />
management are aimed at overcoming this lack of visibility.<br />
3.2Management Approaches<br />
A basic issue in software project management is whether the process or the<br />
project is the essential feature being managed. In process-oriented management,<br />
the management of the small tasks in the software life cycle is emphasized. In<br />
project management, the team achieving the project is emphasized. This results<br />
in important differences in viewpoint. In a process management approach, if the<br />
team does not follow the prescribed software life cycle, this would be a major<br />
difficulty. In a project management approach, success or failure is directly attributed<br />
to the team.<br />
Copyright 2002 The McGraw-Hill Companies, Inc. Click Here for Terms of Use.
CHAPTER 3 Software Project Management 31<br />
3.3 Team Approaches<br />
Organizing a group of people into an efficient and effective team can be a difficult<br />
task. Letting a team develop its own paradigm can be risky. Choosing a team<br />
organization based on the project and the team members may help avoid disaster.<br />
One aspect of a team is the amount of structure in the team. While some groups<br />
of programmers can work very independently, other groups need strong structure<br />
to make progress. The chief programmer team mentioned in the next section is an<br />
example of a strongly structured team. In a strongly structured team, small assignments<br />
are made to each member. These are often called ‘‘inch pebbles’’ because the<br />
assignments are small milestones. In a weakly structured team, the tasks are<br />
usually of longer duration and more open-ended.<br />
Some teams consist of people with similar skills. These teams often stay<br />
together through many projects. Other teams are composed of people with different<br />
expertise that are grouped into a team based on the need for specific skills for a<br />
project. This is often called a matrix organization.<br />
3.3.1 CHIEF PROGRAMMER TEAMS<br />
IBM developed the chief programmer team concept. It assigns specific roles to<br />
members of the team. The chief programmer is the best programmer and leads the<br />
team. Nonprogrammers are used on the team for documentation and clerical<br />
duties. Junior programmers are included to be mentored by the chief programmer.<br />
EXAMPLE 3.1<br />
Draw a high-level process model for a hierarchical team organization. (See Fig. 3-1.)<br />
Team leader<br />
Requirements<br />
Make new<br />
assignments<br />
Results<br />
Determine<br />
tasks<br />
Assignments<br />
Perform<br />
tasks<br />
Fig. 3-1. High-level process model for hierarchical team structure.
32<br />
EXAMPLE 3.2<br />
Company WRT has an IT department with a few experienced software developers<br />
and many new programmers. The IT manager has decided to use highly structured<br />
teams using a process approach to managing. Each team will be led by an<br />
experienced software developer. Each team member will be given a set of tasks<br />
weekly. The team leader will continually review progress and make new<br />
assignments.<br />
3.4 Critical Practices<br />
CHAPTER 3 Software Project Management<br />
Most studies of software development have identified sets of practices that seem<br />
critical for success. The following 16 critical success practices come from the<br />
Software Project Managers Network (www.spmn.com):<br />
Adopt continuous risk management.<br />
Estimate cost and schedule empirically.<br />
Use metrics to manage.<br />
Track earned value.<br />
Track defects against quality targets.<br />
Treat people as the most important resource.<br />
Adopt life cycle configuration management. 1<br />
Manage and trace requirements.<br />
Use system-based software design.<br />
Ensure data and database interoperability.<br />
Define and control interfaces.<br />
Design twice, code once.<br />
Assess reuse risks and costs.<br />
Inspect requirements and design.<br />
Manage testing as a continuous process.<br />
Compile and smoke-test frequently.<br />
EXAMPLE 3.3<br />
The IT manager of company WRT needs a software process that will aid his<br />
inexperienced software developers in successful software development. The<br />
manager uses the best-practices list to ensure that his software process will<br />
include important activities.<br />
Practice 1: Adopt continuous risk management. The manager includes process<br />
steps throughout the life cycle in which the possible risks are identified and<br />
evaluated, and tasks are included to ameliorate the risks.<br />
1<br />
A configuration management tool will store and safeguard multiple versions of source code and documentation.<br />
The user can retrieve any version.
CHAPTER 3 Software Project Management 33<br />
Practice 2: Estimate cost and schedule empirically. The manager includes a<br />
process step to estimate the costs at the beginning of the life cycle and steps to<br />
reestimate the costs throughout the life cycle. Steps include archiving the data to<br />
be used for future estimation.<br />
Practice 3: Use metrics to manage. The manager chooses metrics and includes<br />
steps for metric recording and steps for evaluating progress based on the metrics.<br />
Practice 4: Track earned value. The manager includes steps to calculate earned<br />
value (see below) and to post the calculations.<br />
Practice 5: Track defects against quality targets. The manager establishes goals<br />
for the number of defect reports that are received. Process steps for posting the<br />
number of defect reports are included.<br />
Practice 6: Treat people as the most important resource. The manager reviews<br />
the whole software process to consider the impact on the programmer.<br />
Practice 7: Adopt life cycle configuration management. The manager includes in<br />
the process the use of a configuration management tool for all documents and<br />
includes process steps to enter all documents and changes into the configuration<br />
management tool.<br />
Practice 8: Manage and trace requirements. The manager includes process<br />
steps to acquire the requirements from the user and steps to trace each<br />
requirement to the current phase of development.<br />
Practice 9: Use system-based software design. The manager includes steps to<br />
ensure a system-based design.<br />
Practice 10: Ensure data and database interoperability. The manager includes<br />
steps to checkfor interoperability between the data and the database.<br />
Practice 11: Define and control interfaces. The manager includes steps to define<br />
and baseline the interfaces.<br />
Practice 12: Design twice, code once. The manager includes design review<br />
steps.<br />
Practice 13: Assess reuse risks and costs. The manager includes steps to<br />
identify areas of potential reuse and steps to assess costs and risks.<br />
Practice 14: Inspect requirements and design. The manager includes inspection<br />
steps in both the requirements and design phases.<br />
Practice 15: Manage testing as a continuous process. The manager includes<br />
testing steps in all phases.<br />
Practice 16: Compile and smoke-test frequently. The manager includes frequent<br />
testing steps in the implementation phase.<br />
3.5 Capability Maturity Model<br />
The Software Engineering Institute (www.sei.cmu.edu) has developed the<br />
Capability Maturity Models. The Software Engineering Capability Maturity<br />
Model (SE-CMM) is used to rate an organization’s software development process.<br />
An assessment of an organization’s practices, processes, and organization is used<br />
to classify an organization at one of the following levels:<br />
Level 1: Initial—This is the lowest level and usually characterized as chaotic.
34<br />
Level 2: Repeatable—This level of development capability includes project<br />
tracking of costs, schedule, and functionality. The capability exists to repeat<br />
earlier successes.<br />
Level 3: Defined—This level has a defined software process that is documented<br />
and standardized. All development is accomplished using the standard processes.<br />
Level 4: Managed—This level quantitatively manages both the process and the<br />
products.<br />
Level 5: Optimizing—This level uses the quantitative information to continuously<br />
improve and manage the software process.<br />
Most organizations will be assessed at level 1 initially. Improving to higher<br />
levels involves large efforts at organization and process management. Level 5<br />
has been achieved by only a few organizations.<br />
3.6 Personal Software Process<br />
CHAPTER 3 Software Project Management<br />
Watts Humphrey 2 has developed the Personal Software Process to improve the<br />
skills of the individual software engineer. His approach has the individual maintain<br />
personal time logs to monitor and measure the individual’s skills. One result<br />
of this is measuring an individual’s productivity. The usual measure of productivity<br />
is lines of code produced per day (LOC/day). Additionally, errors are timed<br />
and recorded. This allows an individual to learn where errors are made and to<br />
assess different techniques for their effect on productivity and error rates.<br />
Additionally, the productivity can be used to evaluate the reasonableness of<br />
proposed schedules.<br />
EXAMPLE 3.4<br />
Programmer X recorded this time log.<br />
Date Start Stop Interruptions Delta Task<br />
1/1/01 09:00 15:30 30 lunch 360 Code 50 LOC<br />
1/3/01 09:00 14:00 30 lunch 270 Code 60 LOC<br />
1/4/01 09:00 11:30 150 Code 50 LOC<br />
12:00 14:00 120 testing<br />
2 W. Humphrey. Introduction to the Personal Software Process. Addison-Wesley, 1997.
CHAPTER 3 Software Project Management 35<br />
The programmer spent 360 + 270 + 150 + 120 = 900 minutes to write and test a<br />
program of 160 LOC. Assuming 5 hours per day (300 minutes/day), X spent<br />
effectively 3 days to program 160 LOC. This gives a productivity of 53 LOC/day.<br />
When X’s manager schedules a weekto code a 1000 = LOC project, X is able to<br />
estimate that the project will take about 4 weeks.<br />
3.7 Earned Value Analysis<br />
One approach to measuring progress in a software project is to calculate how<br />
much has been accomplished. This is called earned value analysis. It is basically<br />
the percentage of the estimated time that has been completed. Additional measures<br />
can be calculated.<br />
Although this is based on estimated effort, it could be based on any quantity<br />
that can be estimated and is related to progress.<br />
3.7.1 BASIC MEASURES<br />
Budgeted Cost of Work (BCW): The estimated effort for each work task.<br />
Budgeted Cost of Work Scheduled (BCWS): The sum of the estimated effort<br />
for each work task that was scheduled to be completed by the specified time.<br />
Budget at Completion (BAC): The total of the BCWS and thus the estimate of<br />
the total effort for the project.<br />
Planned Value (PV): The percentage of the total estimated effort that is<br />
assigned to a particular work task; PV = BCW/BAC.<br />
Budgeted Cost of Work Performed (BCWP): The sum of the estimated efforts<br />
for the work tasks that have been completed by the specified time.<br />
Actual Cost of Work Performed (ACWP): The sum of the actual efforts for the<br />
work tasks that have been completed.<br />
3.7.2PROGRESS INDICATORS<br />
Earned Value (EV) = BCWP/BAC<br />
= The sum of the PVs for all completed work tasks<br />
= PC = Percent complete<br />
Schedule Performance Index(SPI) = BCWP/BCWS<br />
Schedule Variance (SV) = BCWP BCWS<br />
Cost Performance Index(CPI) = BCWP/ACWP<br />
Cost Variance (CV) = BCWP ACWP<br />
EXAMPLE 3.5<br />
Company LMN is partway through its project. The job log below indicates the<br />
current status of the project.
36<br />
Work Task<br />
3.8 Error Tracking<br />
CHAPTER 3 Software Project Management<br />
Estimated<br />
Effort<br />
(programmerdays)<br />
Actual Effort<br />
So Far<br />
(programmerdays)<br />
Estimated<br />
Completion<br />
Date<br />
Actual Date<br />
Completed<br />
1 5 10 1/25/01 2/1/01<br />
2 25 20 2/15/01 2/15/01<br />
3 120 80 5/15/01<br />
4 40 50 4/15/01 4/1/01<br />
5 60 50 7/1/01<br />
6 80 70 9/01/01<br />
The BAC is the sum of the estimations. BAC = 330 days. BAC is an estimate of<br />
the total work. On 4/1/01, tasks 1,2, and 4 have been completed. The BCWP is the<br />
sum of the BCWS for those tasks. So BCWP is 70 days. The earned value (EV) is<br />
70/330, or 21.2 percent. On 4/1/01 tasks 1 and 2 were scheduled to be completed<br />
and 1,2, and 4 were actually completed. So BCWP is 70 days and BCWS is 30<br />
days. Thus, SPI is 70/30, or 233 percent. The SV = 70 days 30 days = +40 days,<br />
or 40 programmer-days ahead. The ACWP is the sum of actual effort for tasks 1,<br />
2, and 4. So, ACWP is 80 programmer-days. CPI is 70/80 = 87.5 percent. The CV<br />
= 70 programmer-days 80 programmer-days = 10 programmer-days, or 10<br />
programmer-days behind.<br />
EXAMPLE 3.6<br />
On 7/1/01, assume that task3 has also been completed using 140 days of actual<br />
effort, so BCWP is 190 and EV is 190/330, or 57.5 percent. On 7/1/01, tasks 1, 2,<br />
3, and 4 were actually completed. So BCWP is 190 days and BCWS is 250 days.<br />
Thus, SPI is 190/250 = 76 percent. The SV is 190 programmer-days 250<br />
programmer-days = 60 programmer-days, or 60 programmer days behind. ACWP<br />
is the sum of actual effort for 1, 2, 3, and 4. So ACWP is 220 programmer-days.<br />
Tasks 1 through 5 were scheduled to have been completed, but only 1 through 4<br />
were actually completed. CPI is 190/220 = 86.3 percent, and CV is 190–220, or 30<br />
programmer-days behind.<br />
One excellent management practice is error tracking, which is keeping track of the<br />
errors that have occurred and the inter-error times (the time between occurrences<br />
of the errors). This can be used to make decisions about when to release software.<br />
An additional effect of tracking and publicizing the error rate is to make the
CHAPTER 3 Software Project Management 37<br />
software developers aware of the significance of errors and error reduction. The<br />
effects of changes in the software process can be seen in the error data.<br />
Additionally, making the errors and error detection visible encourages testers<br />
and developers to keep error reduction as a goal.<br />
The error rate is the inverse of the inter-error time. That is, if errors occur every 2<br />
days, then the instantaneous error rate is 0.5 errors/day. The current instantaneous<br />
error rate is a good estimate of the current error rate. If the faults that cause errors<br />
are not removed when the errors are found, then the cumulative error rate (the sum<br />
of all the errors found divided by the total time) is a good estimate of future error<br />
rates. Usually, most errors are corrected (the faults removed), and thus the error<br />
rates should go down and the inter-error times should be increasing. Plotting this<br />
data can show trends in the error rate (errors found per unit time). Fitting a straight<br />
line to the points is an effective way to display the trend. The trend can be used to<br />
estimate future error rates. When the trend crosses the x-axis, the estimate of the<br />
error rate is zero, or there are no more errors. If the x-axis is number of errors, the<br />
value of the x-intercept can be used as an estimate of the total number of errors in<br />
the software. If the x-axis is the elapsed time of testing, the intercept is an estimate<br />
of the testing time necessary to remove all errors. The area under this latter line is<br />
an estimate of the number of errors originally in the software.<br />
EXAMPLE 3.7<br />
Consider the following error data (given as the times between errors): 4, 3, 5, 6, 4,<br />
6, 7. The instantaneous error rates are the inverses of the inter-error times: 0.25,<br />
0.33, 0.20, 0.17, 0.25, 0.17, and 0.14. Plotting these against error number gives a<br />
downward curve, as shown in Figure 3-2. This suggests that the actual error rate is<br />
decreasing.<br />
Number of Errors<br />
0.4<br />
0.3<br />
0.2<br />
0.1<br />
0<br />
TEAMFLY<br />
1 2 3 4 5 6 7 8 9 10 11 12 13<br />
Error Rates<br />
Fig. 3-2. Plot of error rates.<br />
A straight line through the points would intersect the axis about 11. Since this<br />
implies that the error rate would go to zero at the eleventh error, an estimate of the<br />
total number of errors in this software would be 11 errors. Since seven errors have<br />
been found, this suggests that there may be four more errors in the software.<br />
3.9 Postmortem Reviews<br />
One critical aspect of software development is to learn from your mistakes and<br />
successes. In software development, this is called a postmortem. It consists of<br />
Error
38<br />
Project Name<br />
Project X<br />
Management<br />
measures<br />
Subjective<br />
comments on<br />
estimation<br />
Subjective<br />
comments on<br />
process<br />
Subjective<br />
comments on<br />
schedule<br />
CHAPTER 3 Software Project Management<br />
Start Date—Sept. 5, 00 Completion Date – Dec 8, 00<br />
Size Effort<br />
Good<br />
Effort was close in total.<br />
Quality Errors found.<br />
Subjective<br />
comments on<br />
quality<br />
Problem:<br />
Initial req<br />
ambiguity<br />
Estimated Actual<br />
3000 LOC 5000 LOC<br />
Bad<br />
Imp effort was underestimated.<br />
Good Bad<br />
Team members did not complete asgn on<br />
time.<br />
Good Bad<br />
Not enough time for imp.<br />
Req Design Unit Integ Postdel<br />
Good Bad<br />
System not tested well.<br />
Description:<br />
Format of input file was initially wrong<br />
Impact:<br />
2 weeks wasted<br />
Problem: Description: Impact:<br />
Problem: Description: Impact:<br />
Problem: Description: Impact:<br />
30<br />
Estimated Actual<br />
12,000 min 10,000 min<br />
ave max<br />
mccabe 4 30<br />
Method/class 6 10<br />
Attributes/class 10 15<br />
LOC/class 150 500
CHAPTER 3 Software Project Management 39<br />
assembling key people from the development and the users groups. Issues consist<br />
of quality, schedule, and software process. It is important that everyone feel free to<br />
express opinions. A formal report needs to be produced and distributed. The<br />
reports should not be sanitized.<br />
EXAMPLE 3.8<br />
Company JKL produced the postmortem report shown on p. 38.<br />
Review Questions<br />
1. What is meant by visibility?<br />
2. What is the difference between a process approach and a project approach?<br />
3. For a new project that is very different from any previous project, would a process or<br />
project management approach be better?<br />
4. What is the advantage of making many small, ‘‘inch-pebble’’ assignments?<br />
5. Which earned value progress measures can decrease during a project?<br />
6. For which of the earned value progress measures is a value greater than 1 good?<br />
7. What would be the advantage of using the inverse of SPI and CPI?<br />
Problems<br />
1. Draw a process model for a team that has a weak structure and depends on the team<br />
discussions to set directions and resolve issues.<br />
2. Using the following time log, calculate the programmer’s productivity in LOC/day.<br />
Assume that project 1 was 120 LOC and project 2 was 80 LOC.<br />
Date Start Stop Interruptions Delta Task<br />
2/1/01 08:30 16:30 60 lunch Proj 1 coding<br />
2/2/01 09:00 17:00 30 lunch Proj 1 coding<br />
2/5/01 09:00 17:30 30 lunch, 60 mtg Proj 2 coding<br />
2/6/01 07:30 12:00 Proj 2 coding
40<br />
CHAPTER 3 Software Project Management<br />
3. Using the following job log, calculate all of the basic measures and the progress<br />
indicators. Is the project on schedule? Assume that it is currently 5/01/01.<br />
Work Task<br />
Estimated Effort<br />
(programmerdays)<br />
Actual Effort<br />
So Far<br />
(programmerdays)<br />
Estimated<br />
Completion Date<br />
Actual Date<br />
Completed<br />
1 50 70 1/15/01 2/1/01<br />
2 35 20 2/15/01 2/15/01<br />
3 20 40 2/25/01 3/1/01<br />
4 40 40 4/15/01 4/1/01<br />
5 60 10 6/1/01<br />
6 80 20 7/1/01<br />
4. Use a spreadsheet to calculate the PV and the progress indicators for the following<br />
project at half-month intervals from January 1 through September 1.<br />
Work Task<br />
Estimated Effort<br />
(programmerdays)<br />
Actual Effort<br />
(programmerdays)<br />
Estimated<br />
Completion Date<br />
Actual Date<br />
Completed<br />
1 30 37 1/1 2/1<br />
2 25 24 2/15 2/15<br />
3 30 41 3/1 3/15<br />
4 50 47 4/15 4/1<br />
5 60 63 5/1 4/15<br />
6 35 31 5/15 6/1<br />
7 55 58 6/1 6/1<br />
8 30 28 6/15 6/15<br />
9 45 43 7/1 7/15<br />
10 25 29 8/1 8/15<br />
11 45 49 8/15 9/1
CHAPTER 3 Software Project Management 41<br />
5. A professor has 40 homework assignments and 40 exams to grade. The exams usually<br />
take 3 times as long to grade as the homework assignments. Calculate the PV for each<br />
homework and for each exam. After 5 hours, if the professor has half of the exams<br />
done, how long should he estimate it will take to complete the grading?<br />
6. Given the following inter-error times (that is, the time between occurrences of errors),<br />
use plots to estimate the total original number of errors and the time to completely<br />
remove all errors: 6, 4, 8, 5, 6, 9, 11, 14, 16, 19.<br />
7. The project started on January 1 and should be finished by June 1. It is now March 1.<br />
Complete the following table. Calculate EV, SPI, SV, and CV. Determine whether the<br />
project is on time. Justify your answer. Show your work.<br />
Job # Est. Time Actual Time Spent PV Due Date Completed<br />
1 30 10 Feb. 1<br />
2 20 30 Mar. 1 Yes<br />
3 50 30 May 1 Yes<br />
4 100 5 Jun. 1<br />
Answers to Review Questions<br />
1. What is meant by visibility?<br />
Visibility is the attribute of being able to see the progress or lack of progress in a<br />
project.<br />
2. What is the difference between a process approach and a project approach?<br />
A process approach is similar to an assembly line, where each person has a task to be<br />
done. Developers may do the same task on multiple projects—for example, a test team<br />
or a design team. A project emphasis would give the team the responsibility for the<br />
whole effort in developing a project.<br />
3. For a new project that is very different from any previous project, would a process or<br />
project management approach be better?<br />
Process management works well with projects that are well understood. A new, very<br />
different project might be better managed by a project approach that emphasizes<br />
success in the project.
42<br />
4. What is the advantage of making many small, ‘‘inch-pebble’’ assignments?<br />
If a deadline or assignment is missed, the project is behind. The smaller the time<br />
between deadlines, the sooner it is evident if a project is behind. It is said that a project<br />
can only slip the length of an assignment before the manager can see the delay.<br />
5. Which earned value progress measures can decrease during a project?<br />
All but the earned value, which must increase.<br />
6. For which of the earned value progress measures is a value greater than 1 good?<br />
For SPI and SV, a value greater than 1 implies that more is being accomplished than<br />
was scheduled. For CPI and CV, a value greater than 1 implies that effort is less than<br />
what was estimated. So all four of these are good if their values are greater than 1.<br />
7. What would be the advantage of using the inverse of SPI and CPI?<br />
The inverse of each could be used as a projection tool. If the inverse of SPI was 2, it<br />
would imply that project will take twice as long as estimated. If the inverse of CPI was<br />
2, it would imply that the project will take twice the effort that was estimated.<br />
Answers to Problems<br />
1. Draw a process model for a team that has a weak structure and depends on the team<br />
discussions to set directions and resolve issues.<br />
See Fig. 3-3.<br />
Requirements<br />
Discuss<br />
issues<br />
CHAPTER 3 Software Project Management<br />
Project<br />
direction<br />
Results<br />
Discuss<br />
issues<br />
Fig. 3-3. Process model for team with weak structures.<br />
Perform<br />
tasks<br />
Assignments
CHAPTER 3 Software Project Management 43<br />
2. Using the following time log, calculate the programmer’s productivity in LOC/day.<br />
Assume that project 1 was 120 LOC and project 2 was 80 LOC.<br />
Date Start Stop Interruptions Delta Task<br />
2/1/01 08:30 16:30 60 lunch Proj 1 coding<br />
2/2/01 09:00 17:00 30 lunch Proj 1 coding<br />
2/5/01 09:00 17:30 30 lunch, 60 mtg Proj 2 coding<br />
2/6/01 07:30 12:00 Proj 2 coding<br />
The delta time for day 1 is 8 hours 1 hour for lunch = 420 minutes; day 2 is 8 hours<br />
30 minutes = 450 minutes. So the productivity for project 1 is 120 LOC/ 870 minutes<br />
= 120 LOC/ 2.175 days = 55 LOC/programmer-day (assume 400 minutes per programmer<br />
day). The delta times for day 3 and 4 are 7 hours and 4.5 hours = 690<br />
minutes. The productivity is 80 LOC/ 1.725 days = 46.4 LOC/programmer-day.<br />
Overall, the programmer averaged 200 LOC/ 3.9 days = 51.3 LOC/programmer-day.<br />
3. Using the following job log, calculate all of the basic measures and the progress<br />
indicators. Is the project on schedule? Assume that it is currently 5/01/01.<br />
Work Task<br />
Estimated Effort<br />
(programmerdays)<br />
Actual Effort<br />
So Far<br />
(programmerdays)<br />
Estimated<br />
Completion Date<br />
Actual Date<br />
Completed<br />
1 50 70 1/15/01 2/1/01<br />
2 35 20 2/15/01 2/15/01<br />
3 20 40 2/25/01 3/1/01<br />
4 40 40 4/15/01 4/1/01<br />
5 60 10 6/1/01<br />
6 80 20 7/1/01<br />
The BCWS is 50+35+20+40=145 programmer-days. The BAC is<br />
50+35+20+40+60+80=285 programmer-days. The planned values (PVs) for the<br />
work tasks are 17.5 percent, 12.3 percent, 7.0 percent, 14.0 percent, 21.1 percent, 28.1<br />
percent. The earned value is 17.5 percent + 12.3 percent + 7 percent + 14 percent=50.7<br />
percent. The BCWP for 5/01/01 is the same as BCWS in this example<br />
because the scheduled work has been completed. Thus, SPI=145/145=1.
44<br />
CHAPTER 3 Software Project Management<br />
The schedule variance is 145 145=0. The cost performance index= 145 /170 =<br />
85.3 percent. This indicates that the actual effort is larger than the estimated effort. The<br />
cost variance is 145 170= 25. This also indicates that more effort has been required<br />
than was estimated.<br />
The project appears to be on schedule but is costing more than was planned.<br />
4. Use a spreadsheet to calculate the PV and the progress indicators for the following<br />
project at half-month intervals from January 1 through September 1.<br />
Work Task<br />
Estimated Effort<br />
(programmerdays)<br />
Actual Effort<br />
(programmerdays)<br />
Estimated<br />
Completion Date<br />
Actual Date<br />
Completed<br />
1 30 37 1/1 2/1<br />
2 25 24 2/15 2/15<br />
3 30 41 3/1 3/15<br />
4 50 47 4/15 4/1<br />
5 60 63 5/1 4/15<br />
6 35 31 5/15 6/1<br />
7 55 58 6/1 6/1<br />
8 30 28 6/15 6/15<br />
9 45 43 7/1 7/15<br />
10 25 29 8/1 8/15<br />
11 45 49 8/15 9/1<br />
bcw pv acw sched actual<br />
1 30 0.070 37 1-Jan 1-Feb<br />
2 25 0.058 24 15-Feb 15-Feb<br />
3 30 0.070 41 1-Mar 15-Mar<br />
4 50 0.116 47 15-Apr 1-Apr<br />
5 60 0.140 63 1-May 15-Apr<br />
6 35 0.081 31 15-May 1-Jun<br />
7 55 0.128 58 1-Jun 1-Jun<br />
8 30 0.070 28 15-Jun 15-Jun<br />
9 45 0.105 43 1-Jul 15-Jul<br />
10 25 0.058 29 1-Aug 15-Aug<br />
11 45 0.105 49 15-Aug 1-Sep<br />
BAC 430
CHAPTER 3 Software Project Management 45<br />
bcws bcwp acwp ev spi sv cpi cv<br />
1-Jan 30 0 0 0.00 0 –30 0 0<br />
15-Jan 30 0 0 0.00 0 –30 0 0<br />
1-Feb 30 30 37 0.07 1.00 0 0.81 –7<br />
15-Feb 55 55 61 0.13 1.00 0 0.90 –6<br />
1-Mar 85 55 61 0.13 0.65 –30 0.90 –6<br />
15-Mar 85 85 102 0.20 1.00 0 0.83 –17<br />
1-Apr 85 135 149 0.31 1.59 50 0.91 –14<br />
15-Apr 135 195 212 0.45 1.44 60 0.92 –17<br />
1-May 195 195 212 0.45 1.00 0 0.92 –17<br />
15-May 230 195 212 0.45 0.85 –35 0.92 –17<br />
1-Jun 285 285 301 0.66 1.00 0 0.95 –16<br />
15-Jun 315 315 329 0.73 1.00 0 0.96 –14<br />
1-Jul 360 315 329 0.73 0.88 –45 0.96 –14<br />
15-Jul 360 360 372 0.84 1.00 0 0.97 –12<br />
1-Aug 385 360 372 0.84 0.94 –25 0.97 –12<br />
15-Aug 430 385 401 0.90 0.90 –45 0.96 –16<br />
1-Sep 430 430 450 1.00 1.00 0 0.96 –20<br />
5. A professor has 40 homework assignments and 40 exams to grade. The exams usually<br />
take 3 times as long to grade as the homework assignments. Calculate the PV for each<br />
homework and for each exam. After 5 hours, if the professor has half of the exams<br />
done, how long should he estimate it will take to complete the grading?<br />
Assume a grading unit is equal to 1 homework assignment. Then this task has a total<br />
of 40 1 þ 40 3 ¼ 160 grading units. Each homework has a planned value of 1/160<br />
= 0.625 percent, and each exam has a planned value of 1.875 percent. After 5 hours,<br />
20 exams are completed, or 37.5 percent. Thus, 5/0.375 = 13.33 hours as the estimated<br />
total time, or 8.33 hours left.<br />
6. Given the following inter-error times (that is, the time between occurrences of errors),<br />
use plots to estimate the total original number of errors and the time to completely<br />
remove all errors.<br />
6, 4, 8, 5, 6, 9, 11, 14, 16, 19<br />
The inverses of the inter-error times are the instantaneous error rates. Plotting these<br />
rates against the error number gives a plot that shows a trend of decreasing error rates,<br />
as shown in Fig. 3-4.<br />
Error Rate<br />
0.3<br />
0.25<br />
0.2<br />
0.15<br />
0.5<br />
0.05<br />
0<br />
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17<br />
Number of Errors<br />
Fig. 3-4. Error rate plot.
46<br />
Fitting a straight line would show an x-intercept of about 15. Using this as an<br />
estimate of the total number of original errors, we estimate that there are still five<br />
errors in the software.<br />
The error rates can also be plotted against elapsed time (the sum of the previous<br />
inter-error times), as shown in Fig. 3-5.<br />
Error Rates<br />
Fitting a straight line to these points would give an x-intercept near 160. This would<br />
give an additional testing time of 62 units to remove all errors. The y-intercept would<br />
be around 0.25. The area under this line would be 0:5 160 0:25, or 20 errors. This<br />
would suggest about 10 errors left. The differences between these two estimates show<br />
the roughness of this approach.<br />
7. The project started on January 1 and should be finished by June 1. It is now March 1.<br />
Complete the following table. Calculate EV, SPI, SV, and CV. Determine whether the<br />
project is on time. Justify your answer. Show your work.<br />
Job # Est. Time Actual Time Spent PV Due Date Completed<br />
1 30 10 .15 Feb. 1<br />
2 20 30 .10 Mar. 1 Yes<br />
3 50 30 .25 May 1 Yes<br />
4 100 5 .50 Jun. 1<br />
BAC ¼ 200 BCWS ¼ 50 BCWP ¼ 70 ACWP ¼ 60<br />
EV ¼ 70=200 ¼ 0:35 SV ¼ 70 50 ¼ 20 SPI ¼ 70=50 ¼ 1:4 CV ¼ 70 60 ¼ 10<br />
The project is ahead of schedule.<br />
CHAPTER 3 Software Project Management<br />
0.3<br />
0.25<br />
0.2<br />
0.15<br />
0.1<br />
0.05<br />
0<br />
0 50 100 150<br />
200 250<br />
Time<br />
Fig. 3-5. Error rates vs. elapsed time.<br />
Errors
Software Project<br />
Planning<br />
4.1 Project Planning<br />
Planning is essential and software development is no exception. Achieving success<br />
in software development requires planning. Software project planning involves<br />
deciding what tasks need to be done, in what order to do the tasks, and what<br />
resources are needed to accomplish the tasks.<br />
4.2WBS—Work Breakdown Structure<br />
TEAMFLY<br />
One of the first tasks is to break the large tasks into small tasks. It means finding<br />
identifiable parts of the tasks. It also means finding deliverables and milestones that<br />
can be used to measure progress.<br />
The work breakdown structure (WBS) should be a tree structure. The top-level<br />
breakdown usually matches the life cycle model (LCM) used in the organization.<br />
The next-level breakdown can match the processes in the organization’s process<br />
model (PM). Further levels are used to partition the task into smaller, more<br />
manageable tasks.<br />
The following are rules for constructing a proper work breakdown structure:<br />
1. The WBSmust be a tree structure. There should be no loops or cycles in<br />
the WBS. Iterative actions will be shown in the process model and/or the<br />
life cycle model.<br />
2. Every task and deliverable description must be understandable and<br />
unambiguous. The purpose of a WBS is communication with team members.<br />
If the team members misinterpret what the task or deliverable is<br />
supposed to be, there will be problems.<br />
Copyright 2002 The McGraw-Hill Companies, Inc. Click Here for Terms of Use.<br />
47
48<br />
3. Every task must have a completion criterion (often a deliverable). There<br />
must be a way to decide when a task is completed, because subtasks that<br />
have no definite ending encourage false expectations of progress. This<br />
decision is called a completion criterion. It may be a deliverable, for example,<br />
a complete design for the project, and then a peer review can decide if<br />
it is complete.<br />
4. All deliverables (artifacts) must be identified.<br />
duced by some task or it won’t be produced.<br />
A deliverable must be pro-<br />
5. Positive completion of the tasks must imply completion of the whole<br />
task. The purpose of the work breakdown schedule is to identify the<br />
subtasks necessary to complete the whole task. If important tasks or<br />
deliverables are missing, the whole task will not be accomplished.<br />
EXAMPLE 4.1<br />
In making a loaf of bread, the life cycle model for cooking might be as shown in<br />
Fig. 4-1.<br />
Select<br />
food<br />
CHAPTER 4 Software Project Planning<br />
The process model for cooking might be as shown in Fig. 4-2.<br />
Ingredients<br />
Recipe<br />
Assemble<br />
ingredients<br />
Mix<br />
Cook<br />
food<br />
Eat food<br />
Fig. 4-1. Life cycle model for cooking.<br />
Cook<br />
Uncooked<br />
food<br />
Fig. 4-2. Cooking process model.<br />
Clean up<br />
Cook Food<br />
The subtasks might be as follows:<br />
Choose ingredients, Checkon ingredients, Assemble ingredients, Add liquids,<br />
Add yeast, Add small amount of flour, Make sponge (yeast and liquids), Let rise
CHAPTER 4 Software Project Planning 49<br />
first time, Add remaining flour, Knead, Let rise second time, Form into loaves, Let<br />
rise third time, Bake, Slice, Butter, Eat, and Clean up.<br />
These can be divided into the phases of the life cycle model and processes of<br />
the process model (the leftmost are LCMs, those with one indent are PMs, those<br />
with two indents are tasks, and the deliverables are on the right):<br />
Select food<br />
Choose ingredients List of ingredients<br />
Checkon ingredients Shopping list<br />
Assemble ingredients<br />
Assemble ingredients Assembled ingredients<br />
Cookfood<br />
Mix<br />
Add liquids Liquid in bowl<br />
Add yeast Liquids with yeast<br />
Add small amount of flour Liquids and flour<br />
Make sponge (yeast and liquids) Sponge<br />
Let rise first time Risen sponge<br />
Add remaining flour and knead Kneaded dough<br />
Let rise second time Risen dough<br />
Form into loaves Loaves<br />
Let rise third time Risen loaves<br />
Cook<br />
Bake Bread<br />
Eat<br />
Slice Slice of bread<br />
Butter Buttered slice<br />
Eat Good taste<br />
Clean up<br />
Clean up Clean kitchen<br />
EXAMPLE 4.2<br />
Team XYZ wants to develop a face recognition system for use on the robot. The<br />
system is intended to greet visitors to the robotics laboratory. It should recognize<br />
faces it has seen before with a reasonable reliability. The first pass on the work<br />
breakdown might recognize the following subtasks:<br />
Feasibility<br />
Determine feasibility of vision.<br />
Determine camera and software availability.<br />
Schedule camera and vision software acquisition.<br />
Risk Analysis<br />
Determine vision risks.<br />
Requirements<br />
Specify requirements.<br />
Design<br />
Design prototypes.<br />
Prototype vision.
50<br />
Implementation<br />
Code the image capture.<br />
Code the image processing.<br />
Code the image comparison.<br />
Integrate with other robot software.<br />
Testing<br />
Test image capture.<br />
Delivery<br />
Document.<br />
CHAPTER 4 Software Project Planning<br />
Some of these subtasks are still very high level. These tasks may not have an<br />
obvious and checkable deliverable. That is, it may not be easy to determine definitively<br />
when a subtask has been completed. It is not suitable for a subtask to be<br />
done when the developer feels that it is done. There must be some way to determine<br />
objectively when a subtask has been completed properly.<br />
EXAMPLE 4.3<br />
The team broke the subtask ‘‘Code the image capture’’ into a more detailed set of<br />
subtasks, with each new subtask having a more specific deliverable and<br />
completion criterion. The set of subtasks and deliverables are the following:<br />
Install commercial camera driver. Installed driver<br />
Test driver from windows<br />
and save an image to file. Image file<br />
Write routine to call driver from C++. Routine<br />
Test C++ routine separately<br />
and save an image to file. Image from C++ code<br />
Test C++ routine from the main robot<br />
control software and capture image. Image from main<br />
4.3 PERT—Program Evaluation and Review<br />
Technique<br />
This technique creates a graph that shows the dependencies among the tasks. Each<br />
task has an estimate of the time necessary to complete the task and a list of other<br />
tasks that have to be completed before this task can be started (dependencies). The<br />
graph may not always have only one starting subtask or only one stopping subtask.<br />
The whole task is only completed when all the subtasks are completed. The<br />
graph can be used to calculate the completion times for all the subtasks, the<br />
minimum completion time for the whole task, and the critical path of the subtasks.<br />
4.3.1 ALGORITHM FOR COMPLETION TIMES<br />
1. For each node, do step 1.1 (until completion times of all nodes are calculated)<br />
1.1 If the predecessors are completed, then take the latest completions<br />
time of the predecessors and add required time for this node.
CHAPTER 4 Software Project Planning 51<br />
2. The node with the latest completion time determines the earliest completion<br />
time for project.<br />
EXAMPLE 4.4<br />
Apply this algorithm to Table 4-1, which shows an example of tasks and<br />
dependencies. The same dependencies are shown in Fig. 4-3. To apply the<br />
completion time algorithm, start with subtask a;it has no dependencies, so it can<br />
start at the initial time (say, 0). It can complete at time 0 þ 8 ¼ 8. Similarly, subtask<br />
b can complete at time 0 þ 10 ¼ 10. See Table 4-2. Note that since these subtasks<br />
are not dependent on each other or on anything else, they can start at time 0.<br />
Their completion times are calculated without concern for lack of resources. That<br />
is, for this completion calculation, it assumes that there are people available to do<br />
both tasks at the same time.<br />
Table 4-1 Subtasks<br />
Subtask ID Time to Complete Task Dependencies<br />
a 8<br />
b 10<br />
c 8 a,b<br />
d 9 a<br />
e 5 b<br />
f 3 c,d<br />
g 2 d<br />
h 4 f,g<br />
i 3 e,f<br />
8<br />
a<br />
b<br />
10<br />
c<br />
9<br />
d<br />
8<br />
e<br />
f<br />
2<br />
3<br />
4<br />
h<br />
g<br />
5 3<br />
Fig. 4-3. PERT diagram.<br />
i
52<br />
Table 4-2<br />
Subtask ID Start Time Completion Time Critical Path<br />
a 0 8<br />
b 0 10 *<br />
c 10 18 *<br />
d 8 17<br />
e 10 15<br />
f 18 21 *<br />
g 17 19<br />
h 21 25 *<br />
i 21 24<br />
Since the completion times for subtasks a and b are now calculated, the<br />
completion times for nodes c, d, and e can be calculated. Since the predecessors<br />
of c finish at 8 and 10, subtask c can start at 10 and complete at 10 + 8 = 16. The<br />
start time for d will be 8 and the completion time can be 8 + 9 = 17, and for e the<br />
times will be 10 and 10 + 5 = 14.<br />
Now we can process subtasks f and g. The start times can be 17 and 16,<br />
respectively. The completion times will be 17 + 3 = 20 for f and 16 + 2 = 18 for g.<br />
Subtasks h and i can now be calculated with both starting at 21 and h competing<br />
at 25 and i at 24. Table 4-2 has all of the start and completion times.<br />
4.3.2 CRITICAL PATH<br />
CHAPTER 4 Software Project Planning<br />
The critical path is the set of tasks that determines the shortest possible completion<br />
time. The completion time will be longer if there are insufficient resources to do all<br />
parallel activities. However, the completion time can never be made shorter by<br />
adding more resources.<br />
4.3.3 ALGORITHMFOR MARKING CRITICAL PATH<br />
1. Start with the node(s) with the latest completion time(s); mark it (them) as<br />
critical.
CHAPTER 4 Software Project Planning 53<br />
2. Select the predecessor(s) of the critical node(s) with latest completion<br />
time(s); mark it (them) as critical. Continue Step 2 until reaching the<br />
starting node(s).<br />
EXAMPLE 4.5<br />
In Table 4-2 we can see the completion times of all of the subtasks. Subtask h has<br />
the latest completion time, 25. Thus, we mark h as part of the critical path. The<br />
predecessors of h are f and g. Subtask f has the latest completion time of those<br />
two subtasks, so f is marked as part of the critical path.<br />
Subtask f has c and d as predecessors. Since c has the later completion time, c<br />
is marked as part of the critical path. Subtask c has a and b as predecessors, and<br />
since b has the later time, it is part of the critical path. Since we are now at an<br />
initial subtask, the critical path is complete.<br />
4.3.4 SLACK TIME<br />
Subtasks that are on the critical path have to be started as early as possible or else<br />
the whole project will be delayed. However, subtasks that are not on the critical<br />
path have some flexibility on when they are started. This flexibility is called the<br />
slack time.<br />
4.3.5 ALGORITHMFOR SLACK TIME<br />
1. Pick the noncritical node with the latest ending time that has not been<br />
processed. If the subtask has no successors, pick the latest ending time<br />
of all nodes. If the subtask has successors, pick the earliest of the latest<br />
start times of the successor nodes. This is the latest completion time for<br />
this subtask. Make the latest start time for this subtask to reflect this<br />
time.<br />
2. Repeat Step 1 until all noncritical path subtasks have been processed.<br />
EXAMPLE 4.6<br />
The noncritical subtask with the latest completion time is subtask i. Since it has no<br />
successors, the latest completion time, 25, is used. This is added as the latest<br />
completion time for i. Since 25 is 1 later than 24, the start time is changed from 21<br />
to 21,22. Now the latest nonprocessed, noncritical subtask is g. Since h is the only<br />
successor of g, and h must start by 21, g must end by 21. So the completion time<br />
of g becomes 19,21 and the start time becomes 17,19. The next subtask to be<br />
processed will be d. It has successors f and g. Subtask f has to start by 18, so d’s<br />
completion becomes 17,18, and its start becomes 8,9. The next subtask to be<br />
processed will be e. Subtask e has g and i as successors. Subtask g’s latest start<br />
time is 19 and i’s is 22, so subtask e becomes 10,14 for start times and 15,19 for<br />
completion times. The last subtask to be processed is a. It has successors c and<br />
d. Subtask a has to complete by 9, so the completion time will be 8,9, and its start<br />
time will be 0,1. Table 4-3 summarizes the results.
54<br />
Table 4-3 Subtasks with Slack Time<br />
Subtask ID Start Time Completion Time Critical Path<br />
a 0,1 8,9<br />
b 0 10 *<br />
c 10 18 *<br />
d 8,9 17,18<br />
e 10,14 15,19<br />
f 18 21 *<br />
g 17,19 19,21<br />
h 21 25 *<br />
i 21,22 24,25<br />
EXAMPLE 4.7 USING MICROSOFT PROJECT<br />
Open MS Project (version 98). Select PERT view on left menu. Under the Insert<br />
pull-down menu, insert a new task. Use the right mouse button to open task<br />
information. Change the time for the task to 5 days. Drag from this task to create a<br />
new task with a dependency on the first task, or go to the Insert menu to insert<br />
another new task. Create the tasks and dependencies from Example 4.5. The<br />
tasks on the critical path will be shown in red. Use the left menu bar to see the<br />
Gannt chart view of this project.<br />
4.4 Software Cost Estimation<br />
CHAPTER 4 Software Project Planning<br />
The task of software cost estimation is to determine how many resources are<br />
needed to complete the project. Usually this estimate is in programmer-months<br />
(PM).<br />
There are two very different approaches to cost estimation. The older approach<br />
is called LOC estimation, since it is based on initially estimating the number of<br />
lines of code that will need to be developed for the project. The newer approach is<br />
based on counting function points in the project description.<br />
4.4.1 ESTIMATION OF LINES OF CODE (LOC)<br />
The first step in LOC-based estimation is to estimate the number of lines of code in<br />
the finished project. This can be done based on experience, size of previous pro-
CHAPTER 4 Software Project Planning 55<br />
jects, size of a competitor’s solution, or by breaking down the project into smaller<br />
pieces and then estimating the size of each of the smaller pieces. A standard<br />
approach is, for each piecei, to estimate the maximum possible size, maxi, the<br />
minimum possible size, mini, and the ‘‘best guess’’ size, besti. The estimate for<br />
the whole project is 1/6 of the sum of the maximums, the minimums, and 4 times<br />
the best guess:<br />
Standard deviation of S ¼ðsd 2 þ sd 2 þ ...þ sd 2 Þ 1=2<br />
Standard deviation of EðiÞ ¼ðmax minÞ=6<br />
EXAMPLE 4.8<br />
Team WRT had identified seven subpieces to their project. These are shown in<br />
Table 4-4 with their estimates of the size of each subpiece.<br />
Table 4-4 Subpiece Size Estimate (in LOC)<br />
Part Max Size Best Guess Min Size<br />
1 20 30 50<br />
2 10 15 25<br />
3 25 30 45<br />
4 30 35 40<br />
5 15 20 25<br />
6 10 12 14<br />
7 20 22 25<br />
The estimates for each section are as follows:<br />
p1ð20 þ 4 30 þ 50Þ=6 ¼ 190=6 ¼ 31:6<br />
p2ð10 þ 4 15 þ 25Þ=6 ¼ 95=6 ¼ 15:8<br />
p3ð25 þ 4 30 þ 45Þ=6 ¼ 190=6 ¼ 31:6<br />
p4ð30 þ 4 35 þ 40Þ=6 ¼ 220=6 ¼ 36:7<br />
p5ð15 þ 4 20 þ 25Þ=6 ¼ 120=6 ¼ 20<br />
p6ð10 þ 4 12 þ 14Þ=6 ¼ 72=6 ¼ 12<br />
p7ð20 þ 4 22 þ 25Þ=6 ¼ 133=6 ¼ 22:17<br />
The estimate for the whole project is the sum of the estimates for each section:<br />
Whole ¼ 31:6 þ 15:8 þ 31:6 þ 36:7 þ 20 þ 12 þ 22:17 ¼ 170:07 LOC
56<br />
The estimate for the standard deviation of the estimate is as follows:<br />
Standard deviation ¼ðð50 20Þ 2 þð25 10Þ 2 þð45 25Þ 2<br />
þð40 30Þ 2 þð25 15Þ 2 þð14 10Þ 2 þð25 20Þ 2 Þ :5<br />
¼ð900 þ 225 þ 400 þ 100 þ 100 þ 16 þ 25Þ :5<br />
¼ 1766 :5 ¼ 42:03<br />
4.4.2 LOC-BASED COST ESTIMATION<br />
CHAPTER 4 Software Project Planning<br />
The basic LOC approach is a formula that matches the historical data. The basic<br />
formula has three parameters:<br />
Cost ¼ KLOC þ<br />
Alpha, , is the marginal cost per KLOC (thousand lines of code). This is the<br />
added cost for an additional thousand lines of code. The parameter beta, ,isan<br />
exponent that reflects the nonlinearity of the relationship. A value of beta greater<br />
than 1 means that the cost per KLOC increases as the size of the project increases.<br />
This is a diseconomy of scale. A value of beta less than 1 reflects an economy of<br />
scale. Some studies have found betas greater than 1, and other studies have betas<br />
less than 1. The parameter gamma, , reflects the fixed cost of doing any project.<br />
Studies have found both positive gammas and zero gammas.<br />
EXAMPLE 4.9<br />
Company LMN has recorded the following data from previous projects. Estimate<br />
what the parameters for the cost estimation formula should be and how much<br />
effort a new project of 30 KLOC should take (see Table 4-5).<br />
Table 4-5 Historical Data<br />
Proj. ID Size (KLOC) Effort (PM)<br />
1 50 120<br />
2 80 192<br />
3 40 96<br />
4 10 24<br />
5 20 48<br />
Analyzing or plotting this data would show a linear relationship between size and<br />
effort. The slope of the line is 2.4. This would be alpha, , in the LOC-based cost<br />
estimation formula. Since the line is straight (linear relationship), the beta, ,is1.<br />
The gamma, , value would be zero.
CHAPTER 4 Software Project Planning 57<br />
4.4.3 CONSTRUCTIVE COST MODEL (COCOMO)<br />
COCOMO is the classic LOC cost-estimation formula. It was created by Barry<br />
Boehm in the 1970s. He used thousand delivered source instructions (KDSI) as his<br />
unit of size. KLOC is equivalent. His unit of effort is the programmer-month<br />
(PM).<br />
Boehm divided the historical project data into three types of projects:<br />
1. Application (separate, organic, e.g., data processing, scientific)<br />
2. Utility programs (semidetached, e.g., compilers, linkers, analyzers)<br />
3. System programs (embedded)<br />
He determined the values of the parameters for the cost model for determining<br />
effort:<br />
1. Application programs: PM ¼ 2:4 ðKDSIÞ 1:05<br />
2. Utility programs: PM ¼ 3:0 ðKDSIÞ 1:12<br />
3. Systems programs: PM ¼ 3:6 ðKDSIÞ 1:20<br />
EXAMPLE 4.10<br />
Calculate the programmer effort for projects from 5 to 50 KDSI (see Table 4-6)<br />
Table 4-6 COCOMO Effort<br />
Size Appl Util Sys<br />
TEAMFLY<br />
5K 13.0 18.2 24.8<br />
10K 26.9 39.5 57.1<br />
15K 41.2 62.2 92.8<br />
20K 55.8 86.0 131.1<br />
25K 70.5 110.4 171.3<br />
30K 85.3 135.3 213.2<br />
35K 100.3 160.8 256.6<br />
40K 115.4 186.8 301.1<br />
45K 130.6 213.2 346.9<br />
50K 145.9 239.9 393.6
58<br />
CHAPTER 4 Software Project Planning<br />
Boehm also determined that in his project data, there was a standard development<br />
time based on the type of project and the size of the project. The following<br />
are the formulas for development time (TDEV) in programmer-months:<br />
1. Application programs: TDEV ¼ 2:5 (PM) 0.38<br />
2. Utility programs: TDEV ¼ 2:5 (PM) 0.35<br />
3. Systems programs: TDEV ¼ 2:5 (PM) 0.32<br />
EXAMPLE 4.11<br />
Calculate the standard TDEV using the COCOMO formulas for projects from 5 to<br />
50 KDSI (see Table 4-7).<br />
Table 4-7 COCOMO<br />
Development Time<br />
Size Appl Util Sys<br />
5K 6.63 6.90 6.99<br />
10K 8.74 9.06 9.12<br />
15K 10.27 10.62 10.66<br />
20K 11.52 11.88 11.90<br />
25K 12.60 12.97 12.96<br />
30K 13.55 13.93 13.91<br />
35K 14.40 14.80 14.75<br />
40K 15.19 15.59 15.53<br />
45K 15.92 16.33 16.25<br />
50K 16.61 17.02 16.92<br />
4.4.4 FUNCTION POINT ANALYSIS<br />
The idea of function points is to identify and quantify the functionality required<br />
for the project. The idea is to count things in the external behavior that will require<br />
processing. The classic items to count are as follows:<br />
Inputs<br />
Outputs<br />
Inquiries<br />
Internal files<br />
External interfaces
CHAPTER 4 Software Project Planning 59<br />
Inquiries are request-response pairs that do not change the internal data. For<br />
example, a request for the address of a specified employee is an inquiry. The whole<br />
sequence of asking, supplying the name, and getting the address would count as<br />
one inquiry.<br />
Inputs are items of application data that is supplied to the program. The logical<br />
input is usually considered one item and individual fields are not usually counted<br />
separately. For example, the input of personal data for an employee might be<br />
considered one input.<br />
Outputs are displays of application data. This could be a report, a screen<br />
display, or an error message. Again, individual fields are usually not<br />
considered separate outputs. If the report has multiple lines, for instance, a line<br />
for each employee in the department, these lines would all be counted as one<br />
output. However, some authorities would count summary lines as separate<br />
outputs.<br />
Internal files are the logical files that the customer understands must be<br />
maintained by the system. If an actual file contained 1000 entries of personnel<br />
data, it would probably be counted as one file. However, if the file contained<br />
personnel data, department summary data, and other department data, it would<br />
probably be counted as three separate files for the purposes of counting function<br />
points.<br />
External interfaces are data that is shared with other programs. For example,<br />
the personnel file might be used by human resources for promotion and for payroll.<br />
Thus, it would be considered an interface in both systems.<br />
4.4.4.1 Counting Unadjusted Function Points<br />
The individual function point items are identified and then classified as simple,<br />
average, or complex. The weights from Table 4-8 are then assigned to each item<br />
and the total is summed. This total is called the unadjusted function points.<br />
There is no standard for counting function points. Books have been written<br />
with different counting rules. The important thing to remember is that function<br />
points are trying to measure the amount of effort that will be needed to develop<br />
the software. Thus, things that are related to substantial effort need to generate<br />
more function points than things that will take little effort. For example, one<br />
difference between approaches to counting function points is related to summary<br />
lines at the bottom of reports. Some software engineers feel that a summary line<br />
means another output should be counted, while others would only count the main<br />
items in the report. The answer should be based on how much additional effort<br />
that summary line would require.<br />
Specific rules are not as important as consistency within the organization.<br />
Working together and reviewing other function point analyses will help build<br />
that consistency. Additionally, reviewing the estimate after completion of the<br />
project might help determine which items took more effort than indicated by<br />
the function point analysis and perhaps which items were overcounted in terms<br />
of function points and did not take as much effort as indicated.<br />
Note: Try to make your function points consistent with effort necessary for<br />
processing each item.
60<br />
Table 4-8 Function Point Weights<br />
Simple Average Complex<br />
Outputs 4 5 7<br />
Inquiries 3 4 6<br />
Inputs 3 4 6<br />
Files 7 10 15<br />
Interfaces 5 7 10<br />
EXAMPLE 4.12<br />
The department wants a program that assigns times and rooms for each section<br />
and creates a line schedule for the courses. The department has a list of sections<br />
with the name of the assigned professor and the anticipated size. The department<br />
also has a list of rooms with the maximum number of students each room will hold<br />
There are also sets of classes that cannot be taught at the same time. Additionally,<br />
professors cannot teach two courses at the same time.<br />
This program is much more difficult than the complexity of the inputs and<br />
outputs. It has two main inputs: the file with the list of sections, assigned professor,<br />
and anticipated size, and the file with the list of rooms with the maximum size.<br />
These two files, although simple to read, will be difficult to process, so they will be<br />
rated complex. There will be an additional file with the sets of classes that cannot<br />
be taught at the same time. Again, this file is simple in structure but will be difficult<br />
to process. The last line has a restriction that is not an input or output.<br />
There is an output, the line schedule. This is a complex output. There are no<br />
inquiries or interfaces mentioned, nor any mention about files being maintained.<br />
4.4.5 PRODUCTIVITY<br />
CHAPTER 4 Software Project Planning<br />
One of the important measures is the productivity of the software developers. This<br />
is determined by dividing the total size of the finished product by the total effort of<br />
all the programmers. This has units of LOC/programmer-day. An alternative is to<br />
measure the productivity in terms of function points per programmer-day.<br />
Note that productivity includes all the effort spent in all phases of the software<br />
life cycle.<br />
EXAMPLE 4.13<br />
Company XYZ spent the following effort for each life cycle phase of the latest<br />
project (see Table 4-9). Calculate the effort in terms of LOC/programmer-day and<br />
in terms of function points/programmer day. The function point estimate was 50<br />
unadjusted function points. The finished project included 950 lines of code.
CHAPTER 4 Software Project Planning 61<br />
Table 4-9 Effort During Phases<br />
Phase Programmer-Days<br />
Requirements 20<br />
Design 10<br />
Implementation 10<br />
Testing 15<br />
Documentation 10<br />
The total effort was 65 programmer-days. This gives a productivity of 950/65 =<br />
14.6 lines of code/programmer-days. Using unadjusted function points (fp), the<br />
productivity is 50 fp/65 days = 0.77 fp/programmer-days.<br />
4.4.6 EVALUATING ESTIMATIONS<br />
To evaluate estimations, a measure needs to be calculated. Tom DeMarco proposed<br />
the estimate quality factor (EQF). DeMarco defines the EQF as the area<br />
under the actual curve divided by area between the estimate and the actual value.<br />
This is the inverse of the percentage error or the mean relative error. Thus, the<br />
higher the EQF, the better was the series of estimates. DeMarco said that values<br />
over 8 are reasonable.<br />
EXAMPLE 4.11<br />
The following estimates were given for a project that cost 3.5 million dollars when it<br />
was completed after 11.5 months:<br />
Initial 1.5 months 5.5 months 8 months<br />
2.3 million 3.1 million 3.9 million 3.4 million<br />
The total area is 11.5 months times 3.5 million = 40.25 million month-dollars. The<br />
difference between the actual curve and the estimate is |2:3 3:5| 1:5+|3:1<br />
3:5| 4+|3:9 3:5| 2:5 þ |3:4 3:5| 3:5 ¼ 4:75 million month-dollars. The ratio is<br />
40:25=4:75 ¼ 8:7.
62<br />
4.4.7 AUTOMATED ESTIMATION TOOLS<br />
Numerous tools are available on the Internet that will calculate COCOMO or<br />
COCOMO2. Most have very simple interfaces. Search for COCOMO using any<br />
browser, and it should find multiple sites. 1<br />
Review Questions<br />
1. What is the distinction between a WBS and a process model?<br />
2. Why should a WBS be a tree?<br />
3. What happens when there is not a completion criterion for a task in a WBS?<br />
4. What is the advantage of using a PERT diagram?<br />
5. Why does delaying a task on the critical path delay the whole project?<br />
6. Is the critical path important if only one person is working on a project?<br />
7. What is the importance of slack time?<br />
8. Why is slack time based on the earliest time of the latest start times of successor tasks?<br />
9. Draw a diagram that shows economy of scale and diseconomy of scale. Label the<br />
diagram and explain which is which.<br />
10. It is very common to use the default version of estimation. Consider the last time<br />
someone asked you to give an estimate of anything. Was the estimate you gave the<br />
default definition of an estimate or DeMarco’s proposed definition of an estimate?<br />
11. Why should the parameters for cost estimation be determined from a company’s data?<br />
Problems<br />
CHAPTER 4 Software Project Planning<br />
1. Create a WBS for the task of painting a room. Assume that the process model is for<br />
home work projects with activities: plan work, buy supplies, do work, clean up.<br />
1 A couple of useful sites are sunset.usc.edu/research/COCOMOII or www.jsc.nasa.gov/bu2/COCOMO.html.
CHAPTER 4 Software Project Planning 63<br />
2. Create a WBS for the software development of the software for the following dental<br />
office:<br />
Tom is starting a dental practice in a small town. He will have a dental assistant,<br />
a dental hygienist, and a receptionist. He wants a system to manage the<br />
appointments.<br />
When a patient calls for an appointment, the receptionist will check the<br />
calendar and will try to schedule the patient as early as possible to fill in<br />
vacancies. If the patient is happy with the proposed appointment, the<br />
receptionist will enter the appointment with the patient name and purpose of<br />
appointment. The system will verify the patient name and supply necessary<br />
details from the patient records, including the patient’s ID number. After each<br />
exam or cleaning, the hygienist or assistant will mark the appointment as<br />
completed, add comments, and then schedule the patient for the next visit if<br />
appropriate.<br />
The system will answer queries by patient name and by date. Supporting<br />
details from the patient’s records are displayed along with the appointment<br />
information. The receptionist can cancel appointments. The receptionist can<br />
print out a notification list for making reminder calls 2 days before<br />
appointments. The system includes the patient’s phone numbers from the patient<br />
records. The receptionist can also print out daily and weekly work schedules<br />
with all the patients.<br />
3. Create a WBS for the software development of the software for the following B&B<br />
problem:<br />
Tom and Sue are starting a bed-and-breakfast in a small New England town.<br />
They will have three bedrooms for guests. They want a system to manage the<br />
reservations and to monitor expenses and profits. When a potential customer calls<br />
for a reservation, they will check the calendar, and if there is a vacancy, they will<br />
enter the customer name, address, phone number, dates, agreed upon price, credit<br />
card number, and room number(s). Reservations must be guaranteed by 1 day’s<br />
payment.<br />
Reservations will be held without guarantee for an agreed upon time. If not<br />
guaranteed by that date, the reservation will be dropped.<br />
4. Create a WBS for the software development of the software for the following automobile<br />
dealership problem:<br />
An automobile dealer wants to automate its inventory. It can record all of the<br />
cars that a customer purchases. It records all repairs. It records all arriving<br />
shipments of repair parts. The dealer wants daily reports on total daily repairs,<br />
daily sales, and total inventory. This report is called ‘‘dailyreport.’’ The dealer<br />
also keeps track of all customers and potential customers that visit the dealership.<br />
The dealer also wants a monthly report showing all visits and purchases by<br />
customers listed by day of the month. The dealer also wants the ability to query<br />
about any customer or potential customer.<br />
5. Draw the PERT diagram for the tasks of Problem 1.<br />
6. Draw the PERT diagram for the given set of tasks and dependencies. Complete the<br />
table showing the critical path and the slack times.
64<br />
CHAPTER 4 Software Project Planning<br />
Node Dep Time Start Finish<br />
a 10<br />
b a 5<br />
c a 2<br />
d a 3<br />
e b,c 7<br />
f b,d 9<br />
g c,d 5<br />
h e,f,g 6<br />
7. Draw the PERT diagrams for the given set of tasks and dependencies. Complete the<br />
table showing the critical path and the slack times.<br />
Node Dependencies Time Start Time Stop Time<br />
a 10<br />
b e 10<br />
c d,f 10<br />
d a,f,b 20<br />
e a,f 8<br />
f a 5<br />
8. Estimate the cost parameters from the given set of data:<br />
Project Size (KLOC) Cost (programmer-months)<br />
a 30 84<br />
b 5 14<br />
c 20 56
CHAPTER 4 Software Project Planning 65<br />
d 50 140<br />
e 100 280<br />
f 10 28<br />
9. Estimate the cost parameters from the given set of data:<br />
Project Size (KLOC) Cost (programmer-months)<br />
a 30 95<br />
b 5 80<br />
c 20 65<br />
d 50 155<br />
e 100 305<br />
f 10 35<br />
10. Calculate COCOMO effort, TDEV, average staffing, and productivity for an organic<br />
project that is estimated to be 39,800 lines of code.<br />
11. Calculate the unadjusted function points for the problem description of Problem 2.<br />
Answers to Review Questions<br />
1. What is the distinction between a WBS and a process model?<br />
A process model describes the software activities in a generic sense, that is, for many<br />
different projects. It describes the process, the artifacts produced and used, and the<br />
actors responsible for the activities. A process model is a graph; it can have cycles and<br />
so on. A work breakdown structure is a tree that expands the process model’s activities<br />
with details and necessary subtasks that are specific for a particular project. A WBS<br />
task that appears in every project should also be in the process model.<br />
2. Why should a WBS be a tree?
66<br />
If there are loops in a WBS, it means that some task recursively depends on itself,<br />
which is impossible. A loop will normally happen when some task is not defined<br />
properly. If there are two paths to a task, it normally means that two different<br />
higher-level tasks depend on that common subtask. It only needs to be shown (and<br />
done) once.<br />
3. What happens when there is not a completion criterion for a task in a WBS?<br />
It means that it will not be clear if progress is being made or when it is done. It also<br />
may mean that it is not clear what actually needs to be done. For example, a subtask<br />
such as ‘‘research XXX’’ is not well specified. There should be a goal to the research<br />
and that should be clearly stated in the task description.<br />
4. What is the advantage of using a PERT diagram?<br />
Although the WBS will develop a list of tasks, it may be difficult to see which tasks<br />
have to be done first and which tasks will determine the final completion time. These<br />
tasks are on the critical path.<br />
5. Why does delaying a task on the critical path delay the whole project?<br />
The critical path is defined as the set of tasks that determine the minimum time for<br />
completing the project. Practically, if a task is on the critical path and it is delayed, that<br />
means the start time and ending time of the next task on the critical path will be<br />
delayed. This will ripple down to the last task on the critical path, and the project<br />
will be delayed.<br />
6. Is the critical path important if only one person is working on a project?<br />
It is important only if all tasks are on the critical path. If there are tasks not on the<br />
critical path and those tasks cannot be done in parallel since there is only one person,<br />
the time required for those tasks will have the be added to the time of the critical path<br />
to determine the completion time.<br />
7. What is the importance of slack time?<br />
CHAPTER 4 Software Project Planning<br />
Although tasks not on the critical path do not determine the minimal completion time,<br />
if those tasks are not done in a timely fashion, the completion time will be delayed. The<br />
slack time shows the range of time in which that task must be completed.<br />
8. Why is slack time based on the earliest of the latest start times of the successor tasks?<br />
Slack time is based on the earliest such start time because if that task was delayed past<br />
that start time, that task would not be completed in time and the ripple effect would<br />
delay the whole project.<br />
9. Draw a diagram that shows economy of scale and diseconomy of scale. Label the<br />
diagram and explain which is which.<br />
A line that curves upward shows a diseconomy of scale. That is, with bigger<br />
projects, the cost per unit of size increases. A line that curves downward shows<br />
an economy of scale. That is, the bigger the project, the cheaper the cost per unit<br />
of size. See Fig. 4-4.
CHAPTER 4 Software Project Planning 67<br />
Cost<br />
10. It is very common to use the default version of estimation. Consider the last time<br />
someone asked you to give an estimate of anything. Was the estimate you gave the<br />
default definition of an estimate or DeMarco’s proposed definition of an estimate?<br />
When my students ask when an assignment will be graded, I too often give the time it<br />
would take if I did not have any other tasks to do and I was not interrupted. That<br />
answer is not realistic because there are always more pressing tasks and interruptions.<br />
11. Why should the parameters for cost estimation be determined from a company’s data?<br />
Each company has different practices, standards, policies, and types of software that it<br />
develops. It is unrealistic to expect that the parameters found to be good predictors by<br />
large defense contractors should be the same as those for small, in-house development<br />
projects.<br />
Answers to Problems<br />
1. Create a WBS for painting a room.<br />
Size<br />
Fig. 4-4<br />
beta > 1<br />
diseconomy<br />
beta = 1<br />
(Process model activities are not shown.)<br />
a. Select color for room Color decided<br />
b. Buy paint Cans of paint<br />
c. Buy brushes Brushes<br />
d. Prepare walls Clean walls<br />
e. Open paint cans Opened cans<br />
f. Stir paint Stirred paint<br />
g. Paint walls Painted walls<br />
h. Clean up Cleaned and painted walls<br />
beta < 1<br />
economy<br />
TEAMFLY
68<br />
2. Create a WBS for the dental office problem.<br />
(The life cycle phases and the PM activities have been left off.)<br />
Develop risk assessment Assessment spec<br />
Estimate effort Cost estimate<br />
Plan schedule Schedule<br />
Review risks, estimation, and schedule with dentist Dentist’s approval<br />
Design object model Object model<br />
Review object model with dentist Dentist’s approval<br />
Get specs of patient records system Specs<br />
Develop prototype interface with patient records Working prototype<br />
Review form of reminder list with receptionist and dentist Dentist’s approval<br />
Review form of daily and weekly schedule with dental staff Dentist’s approval<br />
Review design of class model with team Review document<br />
Implement Compiled code<br />
Unit test successfully with C0 coverage Test report<br />
Integrate system Compiled code<br />
System test Test report<br />
Training and alpha testing in dental office Test report<br />
Review system with dental staff Dentist’s approval<br />
Acceptance test by staff Dentist’s approval<br />
Deliver user manual and documentation Manuals delivered<br />
3. Create a WBS for the B&B problem.<br />
CHAPTER 4 Software Project Planning<br />
(The PM activities and the deliverables have been left off.)<br />
Feasibility Analysis<br />
Discuss Web-based options with Tom and Sue.<br />
Determine if Web-based or stand-alone system.<br />
Requirements<br />
Elicit requirements from Tom and Sue.<br />
Build requirements document.<br />
Review requirements with Tom and Sue.<br />
Design<br />
Design prototype reservation system.<br />
Design expense and profit section.<br />
Implementation<br />
Build prototype reservation system.<br />
Implement expense and profit section.<br />
Testing<br />
Test prototype.<br />
Test expense and profit section.<br />
Delivery<br />
Review prototype with Tom and Sue.<br />
Review total system with Tom and Sue.<br />
4. Create a WBS for the automobile dealership problem.<br />
(The life cycle phases and the PM activities have been left off.)
CHAPTER 4 Software Project Planning 69<br />
Requirements<br />
Elicit requirements from dealer.<br />
Build requirements document.<br />
Review requirements with dealer.<br />
Create preliminary user manual.<br />
Review preliminary user manual.<br />
Build test cases.<br />
Design<br />
Design prototype automobile system.<br />
Design format for reports.<br />
Implementation<br />
Build prototype automobile system.<br />
Implement queries and reports section.<br />
Review prototype with dealer.<br />
Implement final version.<br />
Testing<br />
Test final version at dealership.<br />
Delivery<br />
Train staff<br />
Deliver documentation.<br />
5. Draw a PERT diagram for painting a room:<br />
The PERT diagram is shown in Fig. 4-5.<br />
a<br />
c<br />
d<br />
6. Draw a PERT diagram and complete the table.<br />
(Critical path indicated with asterisks in table.) See also Fig. 4-6.<br />
a<br />
b<br />
e<br />
Fig. 4-5. PERT diagram for painting.<br />
b<br />
c<br />
d<br />
Fig. 4-6. PERT diagram.<br />
f<br />
e<br />
f<br />
g<br />
g h<br />
h
70<br />
CHAPTER 4 Software Project Planning<br />
Node Dep Time Start Finish<br />
a 10 0 10*<br />
b a 5 10 15*<br />
c a 2 10,24 12,26<br />
d a 3 10,21 13,24<br />
e b,c 7 12,26 19,33<br />
f b,d 9 24 33*<br />
g c,d 5 13,28 18,33<br />
h e,f,g 6 33 39*<br />
7. Draw a PERT diagram and complete the table for the given set of tasks and dependencies.<br />
Node Dependencies Time Start Time Stop Time<br />
a 10 0 10<br />
b e 10 23 33<br />
c d,f 10 53 63<br />
d a,f,b 20 33 53<br />
e a,f 8 15 23<br />
f a 5 10 15<br />
Everything is on critical path; no slack times. See Fig. 4-7.<br />
a<br />
e<br />
f<br />
Fig. 4-7. PERT diagram<br />
b<br />
d<br />
c
CHAPTER 4 Software Project Planning 71<br />
8. Estimate the cost parameters from the given set of data.<br />
Cost ¼ 3:8 Size (KLOC)<br />
9. Estimate the cost parameters from the given set of data.<br />
Cost ¼ 4:0 Size (KLOC) +5.0<br />
10. Calculate COCOMO effort, TDEV, average staffing, and productivity for an organic<br />
project that is estimated to be 39,800 lines of code.<br />
An organic project uses the application formulas. Cost ¼ 2:4 (KDSI) 1:05<br />
Cost ¼ 2:4 39:8 1:05 ¼ 2:4 47:85 ¼ 114:8 programmer-months<br />
TDEV ¼ 2:5 (PM) 0:38 ¼ 2:5 6:06 ¼ 15:15 months<br />
Average staffing ¼ Cost/TDEV ¼ 114:8=15:15 ¼ 7:6 programmers<br />
Productivity ¼ 39,800 LOC/(114.8 PM 20 days/month) ¼ 17:3 LOC/programmerday<br />
11. Calculate the unadjusted function points for the problem description of Problem 2.<br />
Type Simple Average Complex Total<br />
Inputs Patient name<br />
Appt completed<br />
Appt purpose<br />
Outputs Comments Calendar<br />
Supporting details<br />
Appt information<br />
Notification list<br />
Inquires Query by name<br />
Query by date<br />
Cancel appt 13<br />
Verify patient<br />
Check calendar<br />
Available appt<br />
Daily schedule<br />
Weekly schedule<br />
Files Patient data 10<br />
Interfaces<br />
Total 79<br />
38<br />
18
Software Metrics<br />
5.1 Introduction<br />
72<br />
Science is based on measurement. Improving a process requires understanding of<br />
the numerical relationships. This requires measurement.<br />
Software measurement is the mapping of symbols to objects. The purpose is to<br />
quantify some attribute of the objects, for example, to measure the size of software<br />
projects. Additionally, a purpose may be to predict some other attribute that is not<br />
currently measurable, such as effort needed to develop a software project.<br />
Not all mappings of symbols to objects are useful. An important concern is the<br />
validation of metrics. However, validation is related to the use of the metric. An<br />
example is a person’s height. Height is useful for predicting the ability of a person<br />
to pass through a doorway without hitting his or her head. Just having a high<br />
correlation between a measure and an attribute is not sufficient to validate a<br />
measure. For example, a person’s shoe size is highly correlated to the person’s<br />
height. However, shoe size is normally not acceptable as a measure of a person’s<br />
height.<br />
The following are criteria for valid metrics 1 :<br />
1. A metric must allow different entities to be distinguished.<br />
2. A metric must obey a representation condition.<br />
3. Each unit of the attribute must contribute an equivalent amount to the<br />
metric.<br />
4. Different entities can have the same attribute value.<br />
Many times, the attribute of interest is not directly measurable. In this case, an<br />
indirect measure is used. An indirect measure involves a measure and a prediction<br />
formula. For example, density is not a direct measure. It is calculated from mass<br />
and density, which are both direct measures. In computer science, many of the<br />
1<br />
R. Harrison, S. Counsell, R. Nithi. ‘‘An Evaluation of the MOOD Set of Object-oriented Software Metrics.’’<br />
IEEE TOSE 24:6, June 1998, 491–496.<br />
Copyright 2002 The McGraw-Hill Companies, Inc. Click Here for Terms of Use.
CHAPTER 5 Software Metrics 73<br />
‘‘ilities’’ (maintainability, readability, testability, quality, complexity, etc.) cannot<br />
be measured directly, and indirect measures for these attributes are the goal of<br />
many metrics programs.<br />
The following are criteria for valid indirect metrics:<br />
1. The model must be explicitly defined.<br />
2. The model must be dimensionally consistent.<br />
3. There should be no unexpected discontinuities.<br />
4. Units and scale types must be correct.<br />
5.2 Software Measurement Theory<br />
The representational theory of measurement has been studied for over 100 years.<br />
It involves an empirical relation system, a numerical relation system, and a relation-preserving<br />
mapping between the two systems.<br />
The empirical relation system (E, R) consists of two parts:<br />
A set of entities, E<br />
A set of relationships, R<br />
The relationship is usually ‘‘less than or equal.’’ Note that not everything has to<br />
be related. That is, the set R may be a partial order. 2<br />
The numerical relation system (N, P) also consists of two parts:<br />
A set of entities, N. Also called the ‘‘answer set,’’ this set is usually numbers—<br />
natural numbers, integers, or reals.<br />
A set of relations, P. This set usually already exists and is often ‘‘less than’’ or<br />
‘‘less than or equal.’’<br />
The relation-preserving mapping, M, maps (E, R) to (N, P). The important<br />
restriction on this mapping is called the representation condition. There are two<br />
possible representation conditions. The most restrictive version says that if two<br />
entities are related in either system, then the images (or pre-images) in the other<br />
system are related:<br />
x rel y iff MðxÞ rel MðyÞ 3<br />
The less restrictive version says that if two entities are related in the empirical<br />
system, then the images of those two entities in the numerical system are related in<br />
the same way:<br />
MðxÞ rel MðyÞ if x rel y<br />
2 A partial order is strictly defined as an order that satisfies three axioms: every element is related to itself, the<br />
relation cannot hold both ways between two elements, and transitivity. It is not required to be total. That is, not<br />
every two elements are related.<br />
3 ‘‘x is related to y if and only if the mapping of x is related to the mapping of y.’’
74<br />
Classical measurement theory authors have used both versions. The advantage<br />
of the second version is that partial orders in the empirical system can be mapped<br />
to integers or reals that are both totally ordered.<br />
EXAMPLE 5.1 HEIGHT OFPEOPLE<br />
The classic example of mapping an empirical system to a numerical system is the<br />
height of people. In the empirical system, there is a well-understood height<br />
relationship among people. Given two people who are standing next to each other,<br />
everyone would agree about who is taller. This is the empirical system: people are<br />
the entities and the well-understood relation is ‘‘shorter or the same height.’’<br />
The numerical system is the real number system (either metric or imperial units)<br />
with the standard relation of less than or equal.<br />
The mapping is just the standard measured height of people. This is usually<br />
measured barefoot, standing straight against a wall.<br />
The representation condition (either version) is satisfied, since if Fred is shorter<br />
than or equal to Bill, then Fred’s measured height is less than or equal to Bill’s<br />
measured height.<br />
EXAMPLE 5.2<br />
Develop a measure, BIG, for people that combines both weight and height.<br />
Empirically, if two people are the same height, the heavier is bigger, and if two<br />
people are the same weight, the taller is bigger. If we use this notion, we can have<br />
a partial order that most people would agree with. The only pair of persons that we<br />
would not order by this would be if one was heavier and the other was taller.<br />
Numerically, we can use a tuple, < height, weight >. Each part of the tuple would<br />
be a real number. Two tuples would be related if both parts were related in the<br />
same direction. That is, if x; y are tuples, than x is less than or equal to y in<br />
‘‘bigness’’ if x height ¼ < y height and x weight ¼ < y weight. This is also a partial order,<br />
and both versions of the representation condition are satisfied.<br />
5.2.1 MONOTONICITY<br />
An important characteristic of a measure is monotonicity. It means that the value<br />
of the measure of an attribute does not change direction as the attribute increases<br />
in the object. For example, the count of lines of code will not decrease as more<br />
code is added.<br />
EXAMPLE 5.3<br />
A linear function is monotonic, since it always goes in the same direction. A<br />
quadratic function is usually not monotonic. For example, y ¼ 5x x 2 is not<br />
monotonic in the range x ¼ 0tox ¼ 10. From x ¼ 0tox ¼ 5, y increases. From<br />
x ¼ 5tox ¼ 10, y decreases.<br />
5.2.2 MEASUREMENT SCALES<br />
CHAPTER 5 Software Metrics<br />
There are five different scale types: nominal, ordinal, interval, ratio, and absolute.<br />
The least restrictive measurement is using the nominal scale type. This type<br />
basically assigns numbers or symbols without regard to any quantity. The classic
CHAPTER 5 Software Metrics 75<br />
example for a nominal scale measure is the numbers on sports uniforms. We do<br />
not think that one player is better than another just because the number on one<br />
uniform is bigger or smaller than the number on the other uniform. There is no<br />
formula for converting from one nominal scale measure to another nominal scale<br />
measure.<br />
In an ordinal scale measure, there is an implied ordering of the entities by the<br />
numbers assigned to the entity. The classic example is class rank. If a student is<br />
ranked first, her performance has been better than a student who is ranked second,<br />
or third, or any other number greater than 1. However, we never assume that the<br />
numerical difference in rank is significant. That is, we don’t assume that the<br />
difference between the first and second student is the same as the difference<br />
between the 100th and 101st student. Any formula that converts from one ordinal<br />
scale measure to another ordinal scale measure for the same entity must preserve<br />
the ordering.<br />
In an interval scale measure, the amount of the difference is constant. An<br />
example is temperature. There are two instances of temperature measures that<br />
are commonly used, Fahrenheit and Celsius. The formula for converting from a<br />
Celsius scale measure to a Fahrenheit scale measure is 9=5 x þ 32. With any two<br />
interval scale measures for the same attribute, the formula for conversion must be<br />
of the form ax þ b.<br />
In a ratio scale measure, the amount of the difference is constant and there is a<br />
well-understood zero that any scale measure would use. For example, money,<br />
length, and height are measurements using ratio scales. These measurements<br />
have well-understood notions of zero: zero money, zero height, and zero length.<br />
Any formula for converting from one set of units to another—from centimeters to<br />
inches, for example—would just use a multiplicative constant.<br />
The absolute is a counting scale measure. The units are obvious and well understood.<br />
Counting marbles is an example of an absolute scale measure.<br />
5.2.3 STATISTICS<br />
Not all statistics are appropriate for all scales. The following indicates which<br />
common statistical methods are appropriate:<br />
Nominal scale: Only mode, median, and percentiles<br />
Ordinal scale: The above and Spearman correlations<br />
Interval scale: The above and mean, standard deviation, and Pearson correlations<br />
Ratio scale: All statistics<br />
Absolute scale: All statistics<br />
EXAMPLE 5.4 AVERAGES<br />
Temperature is an interval scale measure. Thus, it makes statistical sense to give<br />
an average temperature. However, the numbers on baseball players’ uniforms are<br />
a nominal scale measure. It does not make sense to give the average of the<br />
numbers on a team’s uniforms. Similarly, the average ranking of the students in a<br />
class or the average of a student’s rankings in a number of classes is not<br />
appropriate.
76<br />
5.3 Product Metrics<br />
Product metrics are metrics that can be calculated from the document independent<br />
of how it was produced. Generally, these are concerned with the structure of the<br />
source code. Product metrics could be defined for other documents. For example,<br />
the number of paragraphs in a requirements specification would be a product<br />
metric.<br />
EXAMPLE 5.5 LINES OFCODE<br />
The most basic metric for size is the lines of code metric. There are many<br />
different ways to count lines of code. The definition may be a simple as the<br />
number of NEW LINE characters in the file. Often comments are excluded from the<br />
count of lines. Sometimes blank lines or lines with only delimiters are excluded.<br />
Sometimes statements are counted instead of lines.<br />
5.3.1 McCABE’S CYCLOMATIC NUMBER<br />
McCabe’s cyclomatic number, introduced in 1976, is, after lines of code, one of the<br />
most commonly used metrics in software development. Also called ‘‘McCabe’s<br />
complexity measure’’ from the title of the original journal article, it is based on<br />
graph theory’s cyclomatic number. McCabe tries to measure the complexity of a<br />
program. The premise is that complexity is related to the control flow of the<br />
program. Graph theory uses a formula, C ¼ e n þ 1 to calculate the cyclomatic<br />
number. McCabe uses the slightly modified formula:<br />
C ¼ e n þ 2p<br />
where:<br />
e ¼ Number of edges<br />
n ¼ Number of nodes<br />
p ¼ Number of strongly connected components (which is normally 1)<br />
EXAMPLE 5.6<br />
Determine the cyclomatic number from the control flow graph shown in Fig. 5-1.<br />
a<br />
e<br />
b<br />
f<br />
CHAPTER 5 Software Metrics<br />
Fig. 5-1. Control flow graph.<br />
There are 8 nodes, so n ¼ 8. There are 11 arcs, so e ¼ 11. The cyclomatic<br />
number is C ¼ 11 8 þ 2 ¼ 5:<br />
A planar graph is a graph that can be drawn without lines crossing. The Swiss<br />
mathematician Leonhard Euler (1707–1783) proved for planar graphs that<br />
c<br />
g<br />
d<br />
h
CHAPTER 5 Software Metrics 77<br />
2 ¼ n e þ r, where r ¼ number of regions, e ¼ number of edges, and n ¼ number<br />
of nodes. A region is an area enclosed (or defined) by arcs. Using algebra, this can<br />
be converted to r ¼ e n þ 2. Therefore, the number of regions on a planar graph<br />
equals the cyclomatic number.<br />
EXAMPLE 5.7<br />
Label the regions in the control flow graph from Example 5.6 with Roman<br />
numerals.<br />
As shown in Fig. 5-2, there are five regions. Region I is the outside of the<br />
graph.<br />
a<br />
e<br />
b<br />
I II III IVV<br />
f<br />
Calculating the cyclomatic number from control flow graphs is time-consuming.<br />
Constructing a control flow graph from a large program would be prohibitively<br />
time-consuming. McCabe found a more direct method of calculating his measure.<br />
He found that the number of regions is usually equal to one more than the number<br />
of decisions in a program, C ¼ þ 1, where is the number of decisions.<br />
In source code, an IF statement, a WHILE loop, or a FOR loop is considered one<br />
decision. A CASE statement or other multiple branch is counted as one less decision<br />
than the number of possible branches.<br />
Control flow graphs are required to have a distinct starting node and a distinct<br />
stopping node. If this is violated, the number of decisions will not be one less than<br />
the number of regions.<br />
EXAMPLE 5.8<br />
Label the decisions in the control flow graph of Example 5.6 with lowercase letters.<br />
As shown in Fig. 5-3, from node a, there are three arcs, so there must be two<br />
decisions, labeled a and b. From nodes c and f, there are two arcs and so one<br />
decision each. The other nodes have at most one exit and so no decisions. There<br />
are four decisions, so C ¼ 4 þ 1 ¼ 5.<br />
a<br />
e<br />
Fig. 5-2. Control flow graph with roman numerals.<br />
a<br />
b<br />
b<br />
I II III IVV<br />
f<br />
c<br />
c<br />
g<br />
TEAMFLY<br />
Fig. 5-3. Control flow graph with lowercase letters.<br />
c<br />
g<br />
d<br />
d<br />
h<br />
d<br />
h
78<br />
EXAMPLE 5.9<br />
Calculate the cyclomatic number using the invalid control flow graph shown in Fig. 5-4.<br />
The cfg is the same as earlier examples, except that the c-h arc has been replaced<br />
by an h-c arc. This will not change the counts of nodes, edges, or regions. Thus,<br />
the first two methods of counting the cyclomatic number will not change. However,<br />
decision d has been eliminated, so the third method will not give the same answer.<br />
However, this is not a valid cfg, since there is now no stopping node.<br />
Threshold Value<br />
e<br />
An important aspect of a metric is guidance about when the values are reasonable<br />
and when the values are not reasonable. McCabe analyzed a large project and<br />
discovered that for modules with cyclomatic number over 10, the modules had<br />
histories of many more errors and many more difficulties in maintenance. Thus, 10<br />
has been accepted as the threshold value for the cyclomatic number in a module. If<br />
the cyclomatic number is greater than 10, efforts should be made to reduce the<br />
value or to split the module.<br />
5.3.2 HALSTEAD’S SOFTWARE SCIENCE<br />
Maurice Halstead was one of the first researchers in software metrics. He did his<br />
work in the late 1960s and 1970s. His goal was to identify what contributed to the<br />
complexity in software. He empirically looked for measures of intrinsic size. After<br />
finding what he felt were good measures and prediction formulas, he tried to<br />
develop a coherent theory. His simple metrics are still considered valid, while<br />
his more complex metrics and prediction formulas have been found to be suspect.<br />
Basic Entities—Operators and Operands<br />
CHAPTER 5 Software Metrics<br />
a<br />
a<br />
b<br />
c<br />
d<br />
I<br />
b<br />
II III IVV<br />
f<br />
c<br />
Fig. 5-4. Invalid control flow graph.<br />
The basic approach that gave Halstead good results was to consider any program<br />
to be a collection of tokens, which he classified as either operators or operands.<br />
Operands were tokens that had a value. Typically, variables and constants were<br />
operands. Everything else was considered an operator. Thus, commas, parentheses,<br />
arithmetic operators, brackets, and so forth were all considered operators.<br />
All tokens that always appear as a pair, triple, and so on will be counted<br />
together as one token. For example, a left parenthesis and a right parenthesis<br />
will be considered as one occurrence of the token parenthesis. A language that<br />
has an if-then construction will be considered to have an if-then token.<br />
Halstead also was concerned about algorithms and not about declarations, i/o<br />
statements, and so on. Thus, he did not count declarations, input or output<br />
g<br />
h
CHAPTER 5 Software Metrics 79<br />
statements, or comments. However, currently most organizations would count all<br />
parts of a program.<br />
Halstead’s definitions of operator and operand are open to many interpretations.<br />
No standard has been accepted for deciding ambiguous situations. The good<br />
news is that as long as an organization is consistent, it doesn’t matter. The bad<br />
news is that people in one organization cannot compare their results with the<br />
results from other organizations.<br />
The author recommends a syntax-based approach where all operands are userdefined<br />
tokens and all operators are the tokens defined by the syntax of the<br />
language.<br />
Basic Measures—g 1 and g 2<br />
The count of unique operators in a program is 1 (pronounced ‘‘eta one’’), and the<br />
count of unique operands in a program is 2 (pronounced ‘‘eta two’’).<br />
The total count of unique tokens is ¼ 1 þ 2. This is the basic measure of the<br />
size of the program.<br />
EXAMPLE 5.10<br />
Identify the unique operators and operands in the following code that does<br />
multiplication by repeated addition.<br />
Z=0;<br />
while X > 0<br />
Z=Z+Y;<br />
X = X-1 ;<br />
end-while ;<br />
print(Z) ;<br />
operators<br />
= ; while-endwhile > +-print()<br />
operands<br />
Z0XY1<br />
thus, 1 = 8 and 2 =5<br />
Potential Operands, g 2*<br />
Halstead wanted to consider and compare different implementations of algorithms.<br />
He developed the concept of potential operands that represents the minimal<br />
set of values needed for any implementation of the given algorithm. This is<br />
usually calculated by counting all the values that are not initially set within the<br />
algorithm. It will include values read in, parameters passed in, and global values<br />
accessed within the algorithm.<br />
Length, N<br />
The next basic measure is total count of operators, N1, and the total count of<br />
operands, N 2. These are summed to get the length of the program in tokens:<br />
N ¼ N 1 þ N 2
80<br />
EXAMPLE 5.11<br />
Calculate Halstead’s length for the code of Example 5.10.<br />
operators<br />
= 3<br />
; 5<br />
while-endwhile 1<br />
> 1<br />
+ 1<br />
- 1<br />
print1<br />
() 1<br />
operands<br />
Z 4<br />
0 2<br />
X 3<br />
Y 2<br />
1 1<br />
There are 14 occurrences of operators, so N 1 is 14. Similarly, N 2 is 12.<br />
N ¼ N 1 þ N 2 ¼ 14 þ 12 ¼ 26.<br />
Estimate of the Length (est N or N_hat)<br />
The estimate of length is the most basic of Halstead’s prediction formulas. Based<br />
on just an estimate of the number of operators and operands that will be used in a<br />
program, this formula allows an estimate of the actual size of the program in terms<br />
of tokens:<br />
est N ¼ 1 log 2 1 þ 2 log 2 2<br />
EXAMPLE 5.12<br />
Calculate the estimated length for the code of Example 5.10.<br />
The log2 of x is the exponent to which 2 must be raised to give a result equal to<br />
x. So, log2 of 2 is 1, log2 of 4 is 2, of 8 is 3, of 16 is 4:<br />
log 2 of 1 ¼ log 2 8 ¼ 3<br />
log 2 of 2 ¼ log 2 5 ¼ 2:32<br />
est N ¼ 8 3 þ 5 2:32 ¼ 24 þ 11:6 ¼ 35:6<br />
CHAPTER 5 Software Metrics<br />
while the actual N is 26. This would be considered borderline. It is probably not a<br />
bad approximation for such a small program.<br />
From experience, I have found that if N and est N are not within about 30<br />
percent of each other, it may not be reasonable to apply any of the other software<br />
science measures.
CHAPTER 5 Software Metrics 81<br />
Volume, V<br />
Halstead thought of volume as a 3D measure, when it is really related to the<br />
number of bits it would take to encode the program being measured. 4 In other<br />
words:<br />
V ¼ N log 2ð 1 þ 2Þ<br />
EXAMPLE 5.13<br />
Calculate V for the code of Example 5.10.<br />
V ¼ 26 log 2 13 ¼ 26 3:7 ¼ 96:2<br />
The volume gives the number of bits necessary to encode that many different<br />
values. This number is hard to interpret.<br />
Potential Volume, V*<br />
The potential volume is the minimal size of a solution to the problem, solved in<br />
any language. Halstead assumes that in the minimal implementation, there would<br />
only be two operators: the name of the function and a grouping operator. The<br />
minimal number of operands is 2 :<br />
V ¼ð2þ 2Þ log2ð2 þ 2Þ<br />
Implementation Level, L<br />
Since we have the actual volume and the minimal volume, it is natural to take a<br />
ratio. Halstead divides the potential volume by the actual. This relates to how<br />
close the current implementation is to the minimal implementation as measured by<br />
the potential volume. The implementation level is unitless.<br />
L ¼ V =V<br />
The basic measures described so far are reasonable. Many of the ideas of<br />
operands and operators have been used in many other metric efforts. The remaining<br />
measures are given for historical interest and are not recommended as being<br />
useful or valid.<br />
Effort, E<br />
Halstead wanted to estimate how much time (effort) was needed to implement this<br />
algorithm. He used a notion of elementary mental discriminations (emd).<br />
E ¼ V=L<br />
The units are elementary mental discriminations (emd). Halstead’s effort is not<br />
monotonic—in other words, there are programs such that if you add statements,<br />
the calculated effort decreases.<br />
4<br />
Encoding n different items would require at a minimum log2 n bits for each item. To encode a sequence of N,<br />
such items would require N log2 n.
82<br />
Time, T<br />
Next, Halstead wanted to estimate the time necessary to implement the algorithm.<br />
He used some work developed by a psychologist in the 1950s, John Stroud. Stroud<br />
had measured how fast a subject could view items passed rapidly in front of his<br />
face. S is the Stroud number (emd/sec) taken from those experiments. Halstead<br />
used 18 emd/sec as the value of S.<br />
T ¼ E=S<br />
5.3.3 HENRY–KAFURA INFORMATION FLOW<br />
Sallie Henry and Dennis Kafura developed a metric to measure the intermodule<br />
complexity of source code. The complexity is based on the flow of information<br />
into and out of a module. For each module, a count is made of all the information<br />
flows into the module, ini, and all the information flows out of the module, outi.<br />
These information flows include parameter passing, global variables, and inputs<br />
and outputs. They also use a measure of the size of each module as a multiplicative<br />
factor. LOC and complexity measures have been used as this weight.<br />
HK i ¼ weight i ðout i in iÞ 2<br />
The total measure is the sum of the HKi from each module.<br />
EXAMPLE 5.14<br />
Calculate the HK information flow metrics from the following information. Assume<br />
the weight of each module is 1.<br />
mod # a b c d e f g h<br />
ini 4 3 1 5 2 5 6 1<br />
outi 3 3 4 3 4 4 2 6<br />
mod a b c d e f g h<br />
HK i 144 81 16 225 64 400 144 36<br />
HK for the whole program will be 1110.<br />
CHAPTER 5 Software Metrics
CHAPTER 5 Software Metrics 83<br />
Productivity<br />
5.4 Process Metrics<br />
Productivity is one of the basic process metrics. It is calculated by dividing the<br />
total delivered source lines by the programmer-days attributed to the project. The<br />
units are normally LOC/programmer-day. In many projects in the 1960s the productivity<br />
was 1 LOC/programmer-day. In large projects, the typical productivity<br />
will range from 2 to 20 LOC/programmer-day. In small, individual projects, the<br />
productivity can be much higher.<br />
EXAMPLE 5.15<br />
The project totaled 100 KLOC. Twenty programmers worked on the<br />
project for a year. This year included the whole effort for the<br />
requirements, design, implementation, testing, and delivery phases.<br />
Assume that there are about 240 workdays in a year (20 days a<br />
month for 12 months, no vacations). The productivity is 100,000<br />
LOC / 20 240 days = 20.8 LOC/programmer-day.<br />
5.5 The GQMApproach<br />
Vic Basili and Dieter Rombach developed this approach at the University of<br />
Maryland. GQM stands for goals, questions, and metrics. The idea is to first<br />
identify the goals of the approach. Next, questions are developed related to<br />
these goals. Finally, metrics are developed to measure the attributes related to<br />
the questions.<br />
EXAMPLE 5.16<br />
Use the GQM approach for the problem of customer satisfaction.<br />
Goal—Customer satisfaction<br />
Questions—Are customers dissatisfied when problems are found?<br />
Metric—Number of customer defect reports<br />
Review Questions<br />
1. Explain why the height example satisfies the criteria for valid metrics.<br />
2. A study of grade school children found a high correlation between shoe size and<br />
reading ability. Does this mean that shoe size is a good measure of intelligence?
84<br />
3. Explain why money is a ratio scale measure and not just an interval scale.<br />
4. Explain why GPA is not sound by measurement theory.<br />
5. Why is complexity not readily measurable?<br />
6. What is the advantage of having a partial order on the empirical relation system?<br />
7. Why is the number of decisions plus 1 an important method for calculating McCabe’s<br />
cyclomatic number?<br />
8. Why is monotonicity an important characteristic of a size or effort metric such as<br />
Halstead’s effort metric?<br />
Problems<br />
1. Identify the proper scale for each of the following measures:<br />
LOC<br />
McCabe’s cyclomatic number<br />
Average depth of nesting<br />
Maximum depth of nesting<br />
CHAPTER 5 Software Metrics<br />
2. Show that the temperature scales of Celsius and Fahrenheit are an interval scale using<br />
the Celsius temperatures of 20, 30, and 40 degrees.<br />
3. Show that McCabe’s cyclomatic number satisfies the representational theory of<br />
measurement.<br />
4. Show that McCabe’s cyclomatic number is an interval scale measure.<br />
5. Calculate McCabe’s cyclomatic number on the following source code. Draw a control<br />
flow graph. Label the regions with Roman numerals.<br />
read x,y,z;<br />
type = ‘‘scalene’’;<br />
if (x == y or x == z or y == z) type =‘‘isosceles’’;<br />
if (x == y and x == z) type =‘‘equilateral’’;<br />
if (x >= y+z or y >= x+z or z >= x+y) type =‘‘not a triangle’’;<br />
if (x
86<br />
Answers to Review Questions<br />
1. Explain why the height example satisfies the criteria for valid metrics.<br />
Criteria 1: Different people can be different heights.<br />
Criteria 2: Any two people that we feel are related in height, their numerical heights<br />
would agree.<br />
Criteria 3: Each additional height on a person matches the increase in numerical<br />
height.<br />
Criteria 4: Different people can be the same height.<br />
2. A study of grade school children found a high correlation between shoe size and<br />
reading ability. Does this mean that shoe size is a good measure of intelligence?<br />
No, shoe size correlates well with age. Age correlates well with reading ability. Neither<br />
would be a good measure, since neither would satisfy the representation condition.<br />
3. Explain why is money a ratio scale measure and not just an interval scale.<br />
Money has a well-understood notion of zero. In all monetary systems, there is a zero<br />
and it is equivalent to zero in all other systems. The intervals are fixed. Thus, if you<br />
have twice as much in U.S. dollars as I do, it will still be twice as much if we convert<br />
both our monies into British pounds (assuming no conversion penalties and using the<br />
same exchange rate).<br />
4. Explain why GPA is not sound by measurement theory.<br />
For grade points to be averaged, then grade points must be an interval scale. This<br />
implies that the difference between values is comparable. That is, the difference<br />
between an A and a B is the same as the difference between a D and an F.<br />
Normally, this is not even considered when allocating grades.<br />
5. Why is complexity not readily measurable?<br />
CHAPTER 5 Software Metrics<br />
Complexity is not well defined. There are many aspects to complexity, and each person<br />
may have a slightly different interpretation of what is complex. In fact, complexity<br />
could be considered the interaction between a person and the code.<br />
6. What is the advantage of having a partial order on the empirical relation system?<br />
The empirical relation system must have an accepted relation. It is often easier to find a<br />
partial order that is well accepted, whereas finding agreement on all cases might be<br />
difficult.<br />
7. Why is the number of decisions plus 1 an important method for calculating McCabe’s<br />
cyclomatic number?<br />
It would be very time-consuming to have to construct the control flow graph for large<br />
programs.<br />
8. Why is monotonicity an important characteristic of a size or effort metric such as<br />
Halstead’s effort metric?<br />
If adding more code can cause the value of the effort metric to decrease, then the<br />
metric’s behavior is not understandable. It may also mean that the metric can be<br />
manipulated.
CHAPTER 5 Software Metrics 87<br />
Answers to Solved Problems<br />
1. Identify the proper scale for each of the following measures:<br />
LOC Absolute<br />
McCabe’s cyclomatic number Interval<br />
Average depth of nesting Ordinal<br />
Maximum depth of nesting Ordinal<br />
2. Show that the temperature scales of Celsius and Fahrenheit are an interval scale using<br />
the Celsius temperatures of 20, 30, and 40 degrees.<br />
The Fahrenheit equivalents are 68, 86, and 104 degrees. The difference between the<br />
lowest and middle is 10 Celsius and 18 Fahrenheit. The difference between the bottom<br />
and the top is twice that, 20 Celsius and 36 Fahrenheit.<br />
3. Show that McCabe’s cyclomatic number satisfies the representational theory of<br />
measurement.<br />
For the empirical system, consider the set of all control flow graphs. The relation is<br />
that one CFG is less than or equal to the second CFG if the second CFG can be built<br />
out of the first by adding nodes and arcs.<br />
The numerical system (Answer Set) can be the integers. The relation on the integers<br />
is the standard less than or equal.<br />
The mapping is the formula e n þ 2. There are only two operations, adding nodes<br />
and adding arcs. Adding an arc means increasing the e value. Adding a nodes means<br />
adding a node on an arc. This means that both e and n increase by 1, so the value stays<br />
the same. Thus, for any two CFGs x and y, ifx is less than y, then y can be created<br />
from x by adding arcs and nodes. Thus, the value of the mapping must either increase<br />
or stay the same. Therefore, the less stringent representation condition is satisfied. (The<br />
more stringent representation condition cannot be satisfied, since the order on the<br />
CFGs is a partial order).<br />
4. Show that McCabe’s cyclomatic number is an interval scale measure.<br />
Since McCabe’s cyclomatic number is one more than the number of decisions, every<br />
interval in the cyclomatic number is caused by that number of additional decisions. So<br />
the difference between 2 and 3 is the same as the difference between 10 and 11. It is not<br />
a ratio scale measure because there is not a clear zero. In fact, the cyclomatic number<br />
cannot be zero.<br />
5. Calculate McCabe’s cyclomatic number on the following source code. Draw a control<br />
flow graph. Label the regions with Roman numerals.<br />
read x,y,z;<br />
type = ‘‘scalene’’;<br />
if (x == y or x == z or y == z) type =‘‘isosceles’’;<br />
if (x == y and x == z) type =‘‘equilateral’’;<br />
if (x >= y+z or y >= x+z or z >= x+y) type =‘‘not a triangle’’;<br />
if (x
88<br />
See Fig. 5-6 for the control flow graph.<br />
I<br />
a<br />
c<br />
e<br />
g<br />
i<br />
II<br />
III<br />
IV<br />
V<br />
CHAPTER 5 Software Metrics<br />
isosceles<br />
equilateral<br />
not a<br />
triangle<br />
bad inputs<br />
Fig. 5-6. Control flow graph.<br />
The number of regions is 5, so the cyclomatic number is 5. It can also be counted with<br />
decisions. There is a decision about which way to exit nodes a, c, e, and g. Thus, there<br />
are 4 decisions. The cyclomatic number is the number of decisions plus 1, so it is 5. It<br />
can also be counted using the formula e n þ 2. Here, e ¼ 12, and n ¼ 9, so<br />
e n þ 2 ¼ 5.<br />
6. Calculate McCabe’s cyclomatic number from the control flow graph shown in Fig. 5-5.<br />
Note that the graph is not planar (that is, drawn without crossing lines). Removing<br />
arcs until the graph is planar and then counting an additional region for each removed<br />
arc can calculate the cyclomatic number. In this graph (see Fig. 5-7), the arc e-g was<br />
removed, the regions were counted, and then region VIII was added for arc e-g. The<br />
count of decisions is seven (two decisions each on nodes a and c, one decision each on<br />
b, e, and f). The e n þ 2 ¼ 16 10 þ 2 ¼ 8.<br />
b<br />
TEAMFLY<br />
I<br />
e<br />
a<br />
II<br />
VIII<br />
VII<br />
III<br />
d<br />
VI<br />
c<br />
g<br />
IV<br />
h i<br />
Fig. 5-7. Control flow graph.<br />
V<br />
f<br />
j
CHAPTER 5 Software Metrics 89<br />
7. Calculate Halstead’s basic measures on the triangle code from Problem 5.<br />
operators operands<br />
read 1 == 5 string 5<br />
, 2 or 6 x 9<br />
; 7 and 1 y 8<br />
type 6 >= 3 z 8<br />
= 5 so C ¼ 8 6 þ 2 ¼ 4<br />
Regions ¼ 4 ¼> C ¼ 4<br />
Decisions ¼ 3 ¼> C ¼ 3 þ 1 ¼ 4
90<br />
I<br />
"exiting"<br />
a<br />
II<br />
"part 3"<br />
10. In Problem 9, count Halstead’s 1 and 2. Calculate and N. Count all strings as<br />
occurrences of one operand called ‘‘string.’’ Show your work.<br />
Operators<br />
token count token count token count<br />
cin 1 3 ; 6<br />
if 3 () 3 > 2<br />
{} 4 cout 5 5<br />
‘‘string’’ 5 < 1 else 1<br />
Operands<br />
token count operands token count token count<br />
a 4 b 2 c 2<br />
10 1<br />
"hello"<br />
III<br />
b<br />
CHAPTER 5 Software Metrics<br />
"part 1"<br />
c<br />
Note: The quotes could be counted separately from the strings. The else could be<br />
counted as part of an if-else so the if would have two occurrences.<br />
IV<br />
Fig. 5-8. Control flow graph<br />
1 ¼ 12 2 ¼ 4 ¼ 16<br />
N 1 ¼ 30 N 2 ¼ 9 N ¼ 48<br />
"part 2"
Risk Analysis and<br />
Management<br />
6.1 Introduction<br />
A risk is the possibility that an undesirable event (called the risk event) could<br />
happen. Risks involve both uncertainty (events that are guaranteed to happen<br />
are not risks) and loss (events that don’t negatively affect the project are not<br />
risks). Proactive risk management is the process of trying to minimize the possible<br />
bad effects of risk events happening. 1<br />
There is disagreement about what risks should be managed. Some experts<br />
suggest that only risks that are unique to the current project should be considered<br />
in risk analysis and management. Their view is that the management of risks<br />
common to most projects should be incorporated into the software process.<br />
6.2 Risk Identification<br />
This is the process of identifying possible risks. Risks can be classified as affecting<br />
the project plan (project risks), affecting the quality (technical risks), or affecting<br />
the viability of the product (business risks). Some experts exclude events that are<br />
common to all projects from consideration for risk management. These experts<br />
consider those common events as part of standard project planning.<br />
1<br />
Roger Pressman, Software Engineering: A Practitioner’s Approach, 5th ed, McGraw-Hill, New York, 2001,<br />
145–163.<br />
Copyright 2002 The McGraw-Hill Companies, Inc. Click Here for Terms of Use.<br />
91
92<br />
EXAMPLE 6.1<br />
Consider a project that involves trying to develop safety critical software on cuttingedge<br />
hardware. List risks and classify each as project, technical, or business and<br />
as common to all projects or special to this project.<br />
Risk Project Technical Business Common Special<br />
Hardware not available X X<br />
Requirements incomplete X X<br />
Use of specialized methodologies X X<br />
Problems achieving required reliability X X<br />
Retention of key people X X<br />
Underestimating required effort X X<br />
The single potential customer<br />
goes bankrupt<br />
6.3 Risk Estimation<br />
X X<br />
Risk estimation involves two tasks in rating a risk. The first task is estimating the<br />
probability of the occurrence of a risk, called the risk probability, and the second<br />
task is estimating the cost of the risk event happening, often called the risk impact.<br />
Estimating the risk probability will be hard. Known risks are much easier to<br />
manage, and they become part of the software process. The new risks that are<br />
unique to the current project are those most important to manage. The cost of the<br />
risk may be easier to determine from previous experience with project failures.<br />
6.4 Risk Exposure<br />
CHAPTER 6 Risk Analysis and Management<br />
Risk exposure is the expected value of the risk event. This is calculated by multiplying<br />
the risk probability by the cost of the risk event.
CHAPTER 6 Risk Analysis and Management 93<br />
EXAMPLE 6.2<br />
Consider two dice. Consider a rolling a 7 as an undesirable event that would make<br />
you lose a pot of $60. Calculate the risk probability and the risk impact of rolling a<br />
7. Calculate the risk exposure.<br />
The risk probability is 6 cases out of 36 combinations, or 1/6. The risk impact is<br />
$60. The risk exposure is 1/6 times $60, or $10.<br />
6.4.1 RISK DECISION TREE<br />
A technique that can be used to visualize the risks of alternatives is to build a risk<br />
decision tree. The top-level branch splits based on the alternatives available. The<br />
next split is based on the probabilities of events happening. Each leaf node has the<br />
risk exposure for that event. The sum of the risk exposures for all leafs under the<br />
top-level split gives the total risk exposure for that choice.<br />
EXAMPLE 6.3<br />
A friend offers to play one of two betting games with you. Game A is that you toss<br />
a coin twice. He pays you $10 if you get two heads. You pay him $2 for each tail<br />
you toss. Game B is that you also toss a coin twice, but it costs you $2 to play and<br />
he pays you $10 if you get two heads. Which game should you play?<br />
The risk decision tree is shown in Fig. 6-1. Both games total to $0.50. Thus,<br />
each time you play, your average gain is 50 cents. No matter which game you<br />
choose.<br />
Game A<br />
Game B<br />
2 heads _ 0.25<br />
1 heads _ 0.5<br />
0 heads _ 0.25<br />
2 heads _ 0.25<br />
1 heads _ 0.5<br />
0 heads _ 0.25<br />
Fig. 6-1<br />
0.25 * $10 = $2.50<br />
0.5 * _ $2 = _ $1.00<br />
0.25 * _ $4 = _ $1.00<br />
0.25 * $10 _ $2 = $2.00<br />
0.5 * _ $2 = _ $1.00<br />
0.25 * _ $2 = $0.50
94<br />
6.5 Risk Mitigation<br />
Risk mitigation is the proactive strategy of trying to find ways to either decrease<br />
the probability of the risk event happening or the impact of it happening. While<br />
there are no magic ways to reduce risk, a common approach is to try to resolve<br />
risks related to uncertainty early. For example, if there is concern about particular<br />
systems that need to be used, investigating those systems early is better. Often, a<br />
prototype can be built that would identify problems early.<br />
EXAMPLE 6.4<br />
Consider the risks identified in the risk identification problem. Suggest an approach<br />
for either decreasing the probability or decreasing the impact or both.<br />
Risk Decrease Probability Decrease Impact<br />
Hardware not available Accelerate dev. of hardware Build simulator<br />
Requirements incomplete Increase review of<br />
requirements<br />
Use of specialized<br />
methodologies<br />
Problems achieving required<br />
reliability<br />
Increase staff training, hire<br />
experts<br />
Design for reliability<br />
Retention of key people Pay more Hire additional personnel<br />
Underestimating required<br />
effort<br />
The single potential<br />
customer goes bankrupt<br />
Hire external estimator Build in slack time,<br />
reestimate often<br />
Have external evaluation of<br />
area<br />
6.6 Risk Management Plans<br />
CHAPTER 6 Risk Analysis and Management<br />
Identify other potential<br />
clients<br />
A risk management plan must include an identifier, a description of the risk, an<br />
estimate of risk probability, an estimate of risk impact, a list of mitigation strategies,<br />
contingency plans, risk triggers (to determine when contingency plans<br />
should be activated), and responsible individuals. Additional fields might include<br />
current and/or past status of related metrics.
CHAPTER 6 Risk Analysis and Management 95<br />
EXAMPLE 6.5<br />
Develop a form for risk management and insert sample data.<br />
Risk ID: 1-010-77 Prob: 10 percent Impact: very high<br />
Description: Specialized hardware may not be available.<br />
Mitigation strategy: Build simulator, accelerate hardware development.<br />
Risk trigger: Hardware falling 1 week or more behind schedule.<br />
Contingency plan: Outsource hardware development as backup, deliver system on simulator.<br />
Review Questions<br />
1. Why is risk management important?<br />
Status/date/responsible person:<br />
Created – Jan 1,01 – Fred Jones<br />
Sim. completed – Feb 10, 01 – Bill Olson<br />
2. Consider driving to the airport to catch a plane on an airline that you have not used<br />
before. What risks might be unique to this trip to the airport, and which ones might be<br />
managed as part of the normal trip to the airport?<br />
Problems<br />
1. Analyze the potential risks for the dental office problem in Chapter 4, Problem 2.<br />
Classify the risks as normal or unique to this project.<br />
2. Consider a project that has 0.5 percent probability of an undetected fault that would<br />
cost the company $100,000 in fines. Calculate the risk exposure.
96<br />
CHAPTER 6 Risk Analysis and Management<br />
3. Consider the use of an additional review for Problem 2 that would cost $100 but<br />
eliminate such a fault 50 percent of the time. Calculate this new risk exposure with<br />
using the additional review. Is the additional review approach better?<br />
4. What would change in Problem 3 if the additional review was only effective 10 percent<br />
of the time?<br />
5. Build a decision tree for the problem in Example 6.3 if in Game A, the payoff was<br />
$5.00 and if the cost of playing in Game B was $4.00. Should you play either game?<br />
6. Company X has historical data that shows a normal error rate of 0.0036 errors per<br />
KLOC. A study of a new review technique shows that it costs $1000 per 100 KLOC<br />
and decreases the number of errors by 50 percent. Assume that each error costs the<br />
company an average of $10,000. The current project is estimated to be 50 KLOC in<br />
size. Calculate risk exposure for each approach. Is the new review technique worth<br />
doing?<br />
Answers to Review Questions<br />
1. Why is risk management important?<br />
Risks can be managed and the effect of risks can be minimized. However, minimizing<br />
risk requires that you identify and manage risks.<br />
2. Consider driving to the airport to catch a plane on an airline that you have not used<br />
before. What risks might be unique to this trip to the airport, and which ones might be<br />
managed as part of the normal trip to the airport?<br />
Normal risks—Running out of gas, flat tires, weather delays, traffic accidents, forgetting<br />
suitcases<br />
Unique risks—Construction on highway to airport, possibly different terminal, checkin<br />
delays specific to this airline<br />
Solutions to Problems<br />
1. Analyze the potential risks for the dental office problem in Chapter 4, Problem 2.<br />
Classify the risks as normal or unique to this project.
CHAPTER 6 Risk Analysis and Management 97<br />
Normal risks—Misunderstanding user desires, miscommunication with user, user<br />
hardware problems, cost overrun, project delays, and so on<br />
Unique risks—Interfacing with patient record system<br />
2. Consider a project that has 0.5 percent probability of an undetected fault that would<br />
cost the company $100,000 in fines. Calculate the risk exposure.<br />
The risk exposure is the sum of the risk exposure for each possibility.<br />
0:005 100,000 þ 0:995 0 ¼ $500<br />
3. Consider the use of an additional review for Problem 2 that would cost $100 but<br />
eliminate such a fault 50 percent of the time. Calculate this new risk exposure with<br />
using the additional review. Is the additional review approach better?<br />
0:0025 100,100 þ 0:9975 100 ¼ 250:25 þ 99:75 ¼ $350:00<br />
The additional review approach is better.<br />
4. What would change in Problem 3 if the additional review was only effective 10 percent<br />
of the time?<br />
The risk exposure would increase.<br />
0:0045 100; 100 þ 0:9955 100 ¼ 450:45 þ 99:55 ¼ 550:00<br />
and be marginally worse than the nonadditional review approach.<br />
5. Build a decision tree for the problem in Example 6.3 if in Game A, the payoff was<br />
$5.00 and if the cost of playing in Game B was $4.00. Should you play either game?<br />
The risk decision tree is shown in Fig. 6-2. In both games you would expect to lose<br />
money. In game A you would lose an average of $0.75, and in Game B you would lose<br />
an average of $1.50.<br />
Game A<br />
Game B<br />
2 heads _ 0.25<br />
1 heads _ 0.5<br />
0 heads _ 0.25<br />
2 heads _ 0.25<br />
1 heads _ 0.5<br />
0 heads _ 0.25<br />
Fig. 6-2<br />
0.25 * $5 = $1.25<br />
0.5 * _ $2 = _ $1.00<br />
0.25 * _ $4 = _ $1.00<br />
0.25 * $10 _ $4 = $1.50<br />
0.5 * _ $4 = _ $2.00<br />
0.25 * _ $4 = $1.00
98<br />
6. Company X has historical data that shows a normal error rate of 0.0036 errors per<br />
KLOC. A study of a new review technique shows that it costs $1000 per 100 KLOC<br />
and decreases the number of errors by 50 percent. Assume that each error costs the<br />
company an average of $10,000. The current project is estimated to be 50 KLOC in<br />
size. Calculate risk exposure for each approach. Is the new review technique worth<br />
doing?<br />
Case 1—No review<br />
Case 2—With review<br />
CHAPTER 6 Risk Analysis and Management<br />
Yes, it is better to do the review.<br />
0:0036 50 KLOC $10,000 ¼ $1800<br />
0:0018 50 KLOC $10,000 þ $500 ¼ $1400<br />
TEAMFLY
Software Quality<br />
Assurance<br />
7.1 Introduction<br />
There are many ways to define quality. None are perfect. It is like the old saying,<br />
‘‘I know it when I see it.’’<br />
One definition is that ‘‘quality is the totality of features and characteristics of a<br />
product or service which bear on its ability to satisfy a given need’’ (British<br />
Standards Institution).<br />
Another definition is that quality software is software that does what it is<br />
supposed to do. The lack of quality is easier to define; it is customer dissatisfaction.<br />
The usual measure is defect reports.<br />
The main technique for achieving quality is the software review or walkthrough.<br />
The goal of inspections is to find errors. Formal approaches have been<br />
shown to work better than informal approaches. The metric used most often to<br />
evaluate inspections is errors-found/KLOC. The efficiency may be measured in<br />
terms of errors-found/hour-spent. Much experimentation has been done on how<br />
much preparation time is optimal. Some work has also been done on how long the<br />
inspection meeting should last.<br />
7.2 Formal Inspections and Technical Reviews<br />
A formal inspection is a formal, scheduled activity where a designer presents<br />
material about a design and a selected group of peers evaluates the technical<br />
aspects of the design.<br />
The details of how a formal inspection or technical review is done can vary<br />
widely. The following aspects are usually accepted as what distinguishes a formal<br />
inspection from other reviews:<br />
Copyright 2002 The McGraw-Hill Companies, Inc. Click Here for Terms of Use.<br />
99
100<br />
Knowledgeable peers are used.<br />
The producer is an active participant.<br />
An explicit, completed product is inspected.<br />
The primary purpose is to find defects.<br />
A formal inspection is used routinely in software development.<br />
Specific roles are assigned.<br />
The inspection uses the specific steps of formal inspections.<br />
At least three people are involved in the inspection.<br />
7.2.1 INSPECTION ROLES<br />
Although there are variations, the following are the basic roles that most inspections<br />
use:<br />
Moderator—The moderator selects the team, conducts the inspection, and<br />
reports the results.<br />
Reader—The reader is often not the producer of the product; however, the<br />
reader will guide the team through the work product during the inspection<br />
meeting.<br />
Recorder—The recorder maintains the records of the inspection and accurately<br />
reports each defect.<br />
Producer—The producer is the one who originally produced the product. His or<br />
her role is to answer questions during the inspection. The producer is also<br />
responsible for correcting any problems identified in the inspection. He or<br />
she then reports the corrections to the moderator.<br />
7.2.2 INSPECTION STEPS<br />
Following are the basic steps in an inspection:<br />
CHAPTER 7 Software Quality Assurance<br />
1. Overview—When the producer satisfies the entrance criteria, the inspection<br />
is scheduled. The producer then conducts an overview. It acquaints the rest<br />
of the inspection team with the product to be inspected.<br />
2. Preparation—The inspection team members study the product. The time<br />
spent in preparing is controlled based on the size of the product in KLOC.<br />
The members may use a checklist to focus on significant issues.<br />
3. Inspection meeting—The moderator supervises the inspection meeting.<br />
Some approaches use a reader other than the producer to actually conduct<br />
the inspection. The recorder makes a complete record of issues raised. All<br />
members of the inspection team sign the report. Any team member may<br />
produce a minority report if there is a disagreement.
CHAPTER 7 Software Quality Assurance 101<br />
4. Rework—The producer reviews the report and corrects the product.<br />
5. Follow-up—The moderator reviews the report and the correction. If it<br />
satisfies the exit criteria, the inspection is completed. If not, the moderator<br />
can either have the producer rework the product or reinspection can be<br />
scheduled.<br />
7.2.3 CHECKLISTS<br />
A checklist is a list of items that should be checked during the review. Sometimes<br />
the items are expressed as questions to be answered.<br />
The value of a checklist is that it focuses the attention of the reviewer on<br />
potential problems. Every fault that is found should be analyzed to see if it<br />
warrants a checklist item to focus on that problem. (I recall a long debugging<br />
process caused by a semicolon directly after the condition in an IF statement in<br />
Cþþ. Now any checklist for Cþþ programs I write includes checking for semicolons<br />
at the end of decision conditions.)<br />
Checklist items that are not effective in finding faults during inspections should<br />
be considered for removal. Too many checklist items will lessen the effectiveness of<br />
the inspection.<br />
7.3 Software Reliability<br />
Reliability is the probability of not failing in a specified length of time. This is<br />
usually denoted by R(n), where n is the number of time units. If the time unit is<br />
days, then R(1) is the probability of not failing in 1 day. The probability of failing<br />
in a specified length of time is 1 minus the reliability for that length of time<br />
(FðnÞ ¼1 RðnÞ).<br />
Software reliability is a measure of how often the software encounters a data<br />
input or other condition that it does not process correctly to produce the right<br />
answer. Software reliability is not concerned with software wearing out. A better<br />
analogy for software failures is picking marbles out of a bag or throwing darts<br />
blindfolded at balloons on a wall.<br />
7.3.1 ERROR RATES<br />
If an error happens every 2 days, then the instantaneous error rate would be 0.5<br />
errors per day. The error rate is the inverse of the time between errors (inter-error<br />
time). The error rate can be used as an estimate of the probability of failure, F(1).<br />
Unless we know some trend, the best estimate of the short-term future behavior is<br />
the current behavior. So if we find 20 errors on one day, our best estimate for the<br />
next day is 20 errors.
102<br />
EXAMPLE 7.1<br />
If an error happens after 2 days, what is the probability that the system will not fail<br />
in 1, 2, 3, and 4 days?<br />
If an error happens every 2 days, we can use 0.5 as the instantaneous error<br />
rate. It can also be used to estimate the failure probability for 1 day. Thus, F(1) =<br />
0.5. Then, Rð1Þ ¼1 Fð1Þ ¼0:5: Rð2Þ ¼0:25: Rð3Þ ¼0:125: Rð4Þ ¼0:0625.<br />
If we can see a trend in the error rates, then we can estimate the error rate<br />
better. Instead of using equations to fit the data, plots of the failure rate can be<br />
used to visualize the behavior.<br />
If x is the inter-failure time, 1=x is the instantaneous failure rate. Plot the<br />
instantaneous failure rate versus either failure number or the elapsed time of the<br />
failure. Try to fit a straight line to the points. The value of the line at the current<br />
time can be used for the error rate.<br />
The intersection of this line with the horizontal axis indicates either the fault<br />
number where the failure rate goes to zero, or the amount of time necessary to<br />
remove all the faults. When the x-axis is the elapsed time, then the area under the<br />
straight line (units are time failure/time) represents the number of faults.<br />
Thus, empirical data about how often the software fails during testing or<br />
observation is used to estimate the current rate. Theoretical ideas will be used<br />
to refine the predictions for longer periods of time.<br />
7.3.2 PROBABILITY THEORY<br />
F(1) is the probability of failing on the next execution. It is equal to theta, the<br />
percentage of test cases that fail. 1 The failure probability can be estimated by the<br />
current instantaneous error rate or by the estimated error rate from the error rate<br />
plots.<br />
If we know R(1), then the probability that we can execute n test cases without<br />
failure is RðnÞ ¼Rð1Þ n .<br />
Note that FðnÞ is not Fð1Þ n .FðnÞ ¼1 ð1 Fð1ÞÞ n .<br />
7.4 Statistical Quality Assurance<br />
CHAPTER 7 Software Quality Assurance<br />
Statistical quality assurance (SQA) is the use of statistics to estimate the quality of<br />
software. Executing the code with a small set of randomly chosen test cases will<br />
give results that can be used for estimating the quality. This is sometimes called a<br />
software probe. The error rate on the randomly chosen sample can be used as an<br />
estimate of the error rate in the finished project.<br />
If the percentage of correct executions is high, then the development is going<br />
well. If the percentage of correct executions is low, then remedial action may be<br />
appropriate for the development process.<br />
1 A failure is usually defined as external behavior that is different from what is specified in the requirements.
CHAPTER 7 Software Quality Assurance 103<br />
7.5 IEEE Standards for SQA Plan<br />
An important part of achieving quality is to plan for quality, that is, to plan those<br />
activities that will help to achieve quality. The IEEE Standards Association has<br />
developed a standard (Std 730-1989) for software quality assurance plans.<br />
The following is part of the sections specified in IEEE Std 730-1989:<br />
1. Purpose—This section shall list the software covered and the portions of<br />
software life cycle covered.<br />
2. Reference Documents—This section shall list all the documents referenced<br />
in the plan.<br />
3. Management<br />
3.1 Organization—This section shall describe the structure of organization<br />
and the responsibilities, and usually includes an organizational<br />
chart.<br />
3.2 Tasks—This section shall list all of the tasks to be performed, the<br />
relationship between tasks and checkpoints, and the sequence of the<br />
tasks.<br />
3.3 Responsibilities—This section shall list the responsibilities of each<br />
organizational unit.<br />
4. Documentation<br />
4.1 Purpose—This section shall list all required documents and state how<br />
documents will be evaluated.<br />
4.2 Minimum documents—This section shall describe the minimum<br />
required documentation, usually including the following:<br />
SRS—Software Requirements Specification<br />
SDD—Software Design Description<br />
SVVP—Software Verification and Validation Plan<br />
SVVR—Software Verification and Validation Report<br />
User documentation—Manual, guide<br />
SCMP—Software Configuration Management Plan<br />
5. Standards, Practices, Conventions, and Metrics<br />
This section shall identify the S, P, C, and M to be applied and<br />
how compliance is to be monitored and assured. The minimal<br />
contents should include documentation standards, logic structure<br />
6.<br />
standards, coding standards, testing standards, selected SQA product,<br />
and process metrics.<br />
Reviews and Audits—This section shall define what reviews/audits will be<br />
done, how they will be accomplished, and what further actions are<br />
required.<br />
7. Tests—This section shall include all tests that are not included in<br />
SVVP.
104<br />
CHAPTER 7 Software Quality Assurance<br />
8. Problem Reporting—This section shall define practices and procedures for<br />
reporting, tracking, and resolving problems, including organizational<br />
responsibilities.<br />
9. Tools, Techniques, and Methodologies—This section shall identify the special<br />
software tools, techniques, and methodologies and describe their use.<br />
10. Code Control—This section shall define the methods and facilities to maintain<br />
controlled versions of the software.<br />
11. Media Control—This section shall define the methods and facilities to<br />
identify, store, and protect the physical media.<br />
12. Supplier Control (for outsourcing)—This section shall state provisions for<br />
assuring that software provided by suppliers meets standards.<br />
13. Records—This section shall identify documentation to be retained and<br />
methods to collection, maintain, and safeguard the documentation.<br />
14. Training—This section shall identify necessary training activities.<br />
15. Risk Management—This section shall specify methods and procedures for<br />
risk management.<br />
EXAMPLE 7.2<br />
Develop Section 3 and Section 8 of an SQA plan for a software development<br />
project. Assume a project manager named Bill; an external test team consisting of<br />
Tina, the leader, Donna, and Helen; a separate configuration management (CM)<br />
group consisting of Mike, Sam, and Joe; and a separate external quality assurance<br />
(QA) team consisting of John and James.<br />
See Fig. 7-1.<br />
PM (Bill) TM (Tina)<br />
Soft. engineer<br />
Soft. engineer<br />
Manager<br />
Donna Sam James<br />
Helen Joe<br />
Fig. 7-1. Section 3 SQA plan.<br />
CM (Mike) QA (John)<br />
Section 3<br />
3.1 Organization<br />
3.2 Tasks<br />
All documents will be reviewed. A configuration management tool will manage all<br />
documents and source code modules. All test plans will be done during the
CHAPTER 7 Software Quality Assurance 105<br />
requirements phase and include an adequate number of test cases. Formal<br />
inspections will be conducted at the end of each phase.<br />
3.3 Responsibilities<br />
The project team is responsible for all development, including requirements,<br />
design, and implementation. The project team produces the test plan as part of the<br />
requirements. They are also responsible for all documentation, including the user<br />
manuals and training documents.<br />
The test team is responsible for testing the base-lined version of the source<br />
code. The test team will use the test plan developed during requirements.<br />
Additional test cases will be developed to satisfy every-statement coverage of the<br />
code. Any discrepancies in the test plan and/or requirements or testing will be<br />
reported to the overall manager.<br />
The configuration management team will be responsible for accepting software<br />
configuration items and assigning version numbers.<br />
The quality assurance team will be responsible for overseeing all reviews, walkthroughs,<br />
and inspections. The QA team will track all problem reports.<br />
Section 8<br />
All problems identified outside of the development unit must be reported to the QA<br />
team for assignment of a problem report number. The manager of each team will<br />
approve the corrections of problem reports assigned to that team. The QA team<br />
will be responsible for tracking all problems and weekly reporting to the overall<br />
manager.<br />
Review Questions<br />
1. What are the differences between reviews and formal technical reviews?<br />
2. How can you evaluate a checklist?<br />
3. What revisions to a checklist should be done?<br />
4. What factors influence the effectiveness of a formal technical review?<br />
5. How is the effectiveness of a formal technical review measured?<br />
6. What happens if a producer cannot resolve an issue?<br />
7. What happens if one or more members of the inspection team disagree with the<br />
majority?<br />
8. If an honest die is rolled 5 times, what is the probability of not seeing a 6 in any of the<br />
rolls?<br />
9. If an honest die is rolled 5 times, what is the probability of seeing a 6 on at least one of<br />
the rolls?
106<br />
Problems<br />
1. Build a checklist for reviewing Cþþ code.<br />
2. Build a checklist for reviewing software designs.<br />
3. Draw a process model for a formal inspection.<br />
4. Assuming that the tests are representative of the operational situation, calculate the<br />
reliability of a software system that has had 10 errors in 200 test cases.<br />
5. Assume that FTR technique A requires 2 hours/KLOC preparation and allots<br />
1 hour/KLOC review time and FTR technique B requires 1 hour/KLOC preparation<br />
time and 4 hours/KLOC review time. Also assume that in a controlled experiment with<br />
the same source code, technique A finds 12 errors/KLOC and B finds 14 errors/KLOC.<br />
Compare the two techniques for effectiveness.<br />
6. If the software had 5 failures in 100 tests during 10 days of testing, what would be a<br />
good estimate of the reliability of the software over the next day? Week?<br />
7. Develop an SQA plan for the B&B problem (Chapter 4, Problem 3).<br />
8. Error 1 occurred after 4 days, and error 2 occurred 5 days later. Plot the error rate<br />
versus error number graph and the error rate versus time graph, and estimate the<br />
number of errors in the system and the time to remove all the errors.<br />
Answers to Review Questions<br />
1. What are the differences between reviews and formal technical reviews?<br />
An inspection or formal technical review (FTR) requires an explicit, completed product.<br />
The producer must be an active participant in the review/inspection. The inspection/FTR<br />
must be part of the defined software process. The primary purpose is to find<br />
defects. The inspection must follow the specified process with the specific roles and<br />
steps.<br />
2. How can you evaluate a checklist?<br />
Use it in reviewing software code/documents. Record the issues identified with each<br />
checklist item. Record the faults found after the item was successfully reviewed.<br />
3. What revisions to a checklist should be done?<br />
CHAPTER 7 Software Quality Assurance<br />
Items that are not associated with the detection of faults should be removed. Faults<br />
that are detected during later phases of the life cycle should be used to generate new<br />
checklist items.
CHAPTER 7 Software Quality Assurance 107<br />
4. What factors influence the effectiveness of a formal technical review?<br />
The preparation time and the review time.<br />
5. How is the effectiveness of a formal technical review measured?<br />
Usually in the rate of discovery of faults. This can be measured both in faultsfound/KLOC<br />
and in faults-found/reviewer-hour.<br />
6. What happens if a producer cannot resolve an issue?<br />
If the manager cannot resolve the issue, there will probably be a reinspection going<br />
through all the phases.<br />
7. What happens if one or more members of the inspection team disagree with the<br />
majority?<br />
The minority will produce a minority report presenting their views.<br />
8. If an honest die is rolled 5 times, what is the probability of not seeing a 6 in any of the<br />
rolls?<br />
ð5=6Þ 5 ¼ 0:4018<br />
9. If an honest die is rolled 5 times, what is the probability of seeing a 6 on at least one of<br />
the rolls?<br />
1 ð5=6Þ 5 ¼ 1 0:4018 ¼ 0:5982<br />
Answers to Problems<br />
1. Build a checklist for reviewing Cþþ code.<br />
1. Are all pointers initialized in the constructor?<br />
2. Are all variables declared?<br />
3. Does every ‘‘{’’ have a matching ‘‘}’’?<br />
4. Does every equality comparison have a double ‘‘=’’?<br />
5. Are any while or if conditions closed with a ‘‘;’’?<br />
6. Does every class declaration end with a ‘‘;’’?<br />
The preceding are sample checklist items I developed based on personal experiences<br />
of making Cþþ faults. In particular, I’ve spent a long time finding a fault caused by<br />
item 5.<br />
2. Build a checklist for reviewing software designs<br />
1. Are all significant functions shown in design?<br />
2. Are all significant attributes specified in design?<br />
3. Are all names related to purpose and type and are they unambiguous?
108<br />
CHAPTER 7 Software Quality Assurance<br />
4. Are all relationships between classes specified?<br />
5. Do all functions have the data necessary for the function to execute?<br />
3. Draw a process model for a formal inspection.<br />
See Fig. 7-2.<br />
Schedule<br />
inspection<br />
Product<br />
4. Assuming that the tests are representative of the operational situation, calculate the<br />
reliability of a software system that has had 10 errors in 200 test cases.<br />
Fð1Þ ¼10=200 ¼ 0:05<br />
Rð1Þ ¼0:95<br />
5. Assume that FTR technique A requires 2 hours/KLOC preparation and allots<br />
1 hour/KLOC review time and FTR technique B requires 1 hour/KLOC preparation<br />
time and 4 hours/KLOC review time. Also assume that in a controlled experiment with<br />
the same source code, technique A finds 12 errors/KLOC and B finds 14 errors/KLOC.<br />
Compare the two techniques for effectiveness.<br />
Technique A took 80 percent of the time of technique B and found 85 percent of the<br />
errors that B found. So A is slightly more efficient than B. From the point of view of<br />
marginal improvement, it took 2 hours/KLOC more effort to find the last<br />
2 errors/KLOC.<br />
6. If the software had 5 failures in 100 tests during 10 days of testing, what would be a<br />
good estimate of the reliability of the software over the next day? Week?<br />
Fð1Þ ¼0:05 Rð1Þ ¼0:95<br />
Next day?<br />
Assume 10 tests per day (average from last 10 days). Rð10Þ ¼Rð1Þ 10 ¼ 0:95 10 ¼ 0:598:<br />
Next week?<br />
Moderator<br />
Assignments<br />
Give<br />
overview<br />
Prepare<br />
Overview<br />
Producer<br />
Reader<br />
Assume 70 tests. Rð10Þ ¼Rð1Þ 70 ¼ 0:95 70 ¼ 0:027:<br />
Preparation<br />
Inspect<br />
Recorder<br />
Answer<br />
question<br />
Fig. 7-2. Process model for inspection.<br />
Record<br />
Results,<br />
issues<br />
TEAMFLY<br />
7. Develop an SQA plan for the B&B problem (Chapter 4, Problem 3).<br />
Resolve<br />
issues<br />
Moderator<br />
Report<br />
Final<br />
report
CHAPTER 7 Software Quality Assurance 109<br />
Section 1. Purpose<br />
The XYZ Corporation is developing software for Tom and Sue’s Bed and Breakfast Inn.<br />
This software is intended to maintain reservation information and help in monitoring<br />
expenses and profits. This SQA plan is for version 1.0 to be delivered to Tom and Sue<br />
by November 1.<br />
This SQA plan covers the development life cycle of the complete system from requirements<br />
specification through software testing.<br />
Section 2. Reference Documents<br />
Statement of Work, version B&RSOW1.0 dated 1/1<br />
XYZ Corporation Coding Standards, version 4.6, dated 7/8/95<br />
Section 3. Management<br />
3.1 Organization<br />
Project lead (Tom)<br />
Development group<br />
(Bill, Jane, Fred)<br />
SQA group<br />
(John)<br />
3.2 Tasks<br />
Requirements analysis and specification<br />
Project planning<br />
Cost estimation<br />
Architectural design<br />
Low-level design<br />
Implementation<br />
Testing<br />
Project monitoring<br />
Inspections<br />
Reviews<br />
Documentation<br />
3.3 Responsibilities<br />
Project Lead—Tom<br />
Responsibilities: Project planning, cost estimation, project monitoring, approvals of<br />
all summary reports and plans<br />
Requirements Lead—Bill<br />
Responsibilities: Requirements analysis and specification<br />
Team members: Jane, Fred<br />
Design—Jane<br />
Responsibilities: Architectural design<br />
Implementation Lead—Jane<br />
Responsibilities: Low-level design and implementation<br />
Team members: Fred, Bill<br />
Test Lead—Bill<br />
Responsibilities: All testing and test reports<br />
Team members: Fred<br />
Documentation—Jane<br />
Responsibilities: User manual
110<br />
SQA—John<br />
Responsibilities: Conduct of all reviews, walk-throughs, and inspections, review of<br />
all documents and reports, tracking of all problem reports, and submission of weekly<br />
problem report<br />
Section 4. Documentation<br />
Software Requirements Specification<br />
Software Design Using UML and OCL<br />
Software Test Plan<br />
Software Test Report<br />
User Manual<br />
Each document will be reviewed in the draft version and inspected in the final version. The<br />
SQA lead (John) will be responsible for conducting all reviews and inspections.<br />
Section 5. Standards, Practices, Conventions, and Metrics<br />
XYZ Corporation Coding Standards will be used. The SQA team will conduct inspections<br />
of all code to ensure compliance. The compliance report will be submitted to the project<br />
lead.<br />
Unadjusted function points will be counted on all components. LOC will be counted on<br />
all classes.<br />
Section 6. Reviews and Audits<br />
The following reviews will be done. The SQA lead will conduct each review and submit the<br />
report to the project lead for approval.<br />
Reviews:<br />
Software Requirements<br />
Preliminary Design Review<br />
Walk-Throughs of Each Class Design<br />
Code Inspections<br />
Section 7. Test<br />
Testing will be accomplished according to a test plan to be developed by the SQA team<br />
and approved by the project lead.<br />
Section 8. Problem Reporting<br />
All problems will be reported to the appropriate lead. If appropriate, the lead will submit a<br />
problem report to the SQA lead, who will enter the problem report into the problem<br />
tracking system. Resolution of the problem will be reported to the SQA lead. A weekly<br />
problem tracking report will be submitted to the project lead.<br />
Section 9. Tools, Techniques and Methodologies<br />
None.<br />
Section 10. Code Control<br />
CHAPTER 7 Software Quality Assurance<br />
The XYZ Corporation configuration management system will be used.
CHAPTER 7 Software Quality Assurance 111<br />
Section 11. Media Control<br />
N/A<br />
Section 12. Supplier Control (for outsourcing)<br />
N/A<br />
Section 13. Records—Collection, Maintenance, and Retention<br />
N/A<br />
Section 14. Training<br />
N/A<br />
Section 15. Risk Management<br />
N/A<br />
8. Error 1 occurred after 4 days, and error 2 occurred 5 days later. Plot the error rate<br />
versus error number graph and the error rate versus time graph, and estimate the<br />
number of errors in the system and the time to remove all the errors.<br />
As shown in Fig. 7-3, plotting error rate versus error number shows an intercept about<br />
6. Thus, there are 4 errors left in the system.<br />
0.3<br />
0.25<br />
0.2<br />
0.15<br />
0.1<br />
0.05<br />
0<br />
1 2 3 4 5 6 7 8<br />
Fig. 7-3. Error rate versus error number.<br />
<strong>Series</strong> 1<br />
As shown in Fig. 7-4, plotting error rates versus time elapsed shows an intercept<br />
around 29 to 30. Thus, it should take about 20 more units to completely remove the<br />
errors.<br />
0.3<br />
0.25<br />
0.2<br />
0.15<br />
0.1<br />
0.05<br />
0<br />
0 10 20 30 40 50<br />
Fig. 7-4. Error rate versus time elapsed.<br />
<strong>Series</strong> 1
Requirements<br />
8.1 Introduction<br />
112<br />
The goal of the requirements phase is to elicit the requirements from the user. This<br />
is usually achieved by the development of diagrams and the requirement specification<br />
after discussions with the user. The user then reviews the diagrams and<br />
specification to determine if the software developer has understood the requirements.<br />
Thus, it is essential that the diagrams and specifications communicate back<br />
to the user the essential aspects required of the software to be produced.<br />
The following sections describe the diagrams and requirement specification that<br />
are useful in achieving this communication.<br />
8.2 Object Model<br />
The basic approach in an object-oriented (OO) methodology is to develop an<br />
object model (see Section 2.4) that describes that subset of the real world that is<br />
the problem domain. The purpose is modeling the problem domain and not<br />
designing an implementation. Thus, entities that are essential to understanding<br />
the problem will be included even if they are not going to be included in the<br />
solution. The attributes and methods included in the object model will also be<br />
those needed for understanding the problem and not those that will just be important<br />
for the solution.<br />
The following are rules for object models for requirements:<br />
1. All real-world entities that are important to understanding the problem<br />
domain must be included.<br />
2. All methods and attributes that are important to understanding the<br />
problem domain must be included.<br />
3. Objects, attributes, and methods that are only significant for the implementation<br />
should not be included.<br />
Copyright 2002 The McGraw-Hill Companies, Inc. Click Here for Terms of Use.
CHAPTER 8 Requirements 113<br />
EXAMPLE 8.1<br />
Draw an object model for the library problem (see Example 2.6).<br />
See Fig. 8-1.<br />
patron<br />
name<br />
library<br />
borrow<br />
return<br />
loan<br />
due-date<br />
copy<br />
borrow<br />
checkin<br />
Fig. 8-1. Object model for library problem.<br />
EXAMPLE 8.2<br />
Draw an object model for simplified vi-like editor.<br />
See Fig. 8-2.<br />
user<br />
login<br />
editfile<br />
filename<br />
fileptr<br />
currentloc<br />
mode<br />
8.3 Data Flow Modeling<br />
Although not used much in OO development, data flow diagrams (see Section 2.2)<br />
were essential parts of pre-OO software development. Data flow diagrams (DFDs)<br />
still have an important role in the specification of many systems. The importance<br />
of data flow diagrams is in specifying what data is available to a component.<br />
Knowing the data available often helps in the understanding of what a component<br />
is expected to do and how it will accomplish the task.<br />
EXAMPLE 8.3<br />
Draw a DFD for the simple Unix, vi-like editor.<br />
See Fig. 8-3.<br />
book<br />
name<br />
file<br />
name<br />
type<br />
Fig. 8-2. Object model forsimplified vi-like editor.
114<br />
SRC<br />
code<br />
8.4 Behavioral Modeling<br />
Behavioral modeling refers to the behavior of the system, usually from the user<br />
point of view. These diagrams are used to specify aspects of the proposed system.<br />
It is important that the diagrams capture the essential aspects of the system and<br />
are able to communicate those aspects both to the developer and to the user for<br />
confirmation that this is the system that he or she wants.<br />
8.4.1 USE CASE<br />
Instrument<br />
code<br />
Test cases<br />
Inst. code<br />
Compile and<br />
execute<br />
CHAPTER 8 Requirements<br />
Output<br />
Analyze<br />
Vi-like editor<br />
Fig. 8-3. Data flow diagram for Unix, vi-like editor.<br />
Coverage<br />
report<br />
The use case diagram represents the functionality of the system from the user’s<br />
point of view (see Section 2.5). All critical functionality must be mentioned.<br />
However, routine functions that are implied by a higher-level phrase do not<br />
have to be specifically mentioned (the danger of miscommunication must be<br />
balanced by clarity). The textual requirements will detail these individual functions.<br />
EXAMPLE 8.4<br />
Draw the use case diagram for an editor that is similar to a simplified Unix vi-like<br />
editor.<br />
See Fig. 8-4.<br />
Create<br />
file<br />
Save<br />
file<br />
Insert<br />
text<br />
Fig. 8-4. Use case diagram for editor.<br />
Open<br />
file<br />
Modify<br />
text
CHAPTER 8 Requirements 115<br />
The essential functions in this diagram are file manipulation (create, save, and<br />
open). Insert and modify are intended as higher-level phrases covering the typical<br />
text-editing functions. Note that some capabilities such as search, copy, and move<br />
may be neglected, since they are not mentioned explicitly.<br />
8.4.2 SCENARIOS<br />
A scenario is a sequence of actions that accomplishes a user task. Alternative<br />
sequences are only shown by having a separate scenario for each alternative.<br />
Scenarios are used to illustrate an important capability or proposed use of the<br />
system.<br />
In UML, an interaction diagram (see Chapter 2) is used to specify the scenarios.<br />
Scenarios can also be specified by listing the sequence of actions.<br />
EXAMPLE 8.5<br />
Write scenarios for the simplified vi editor using each use case in Example 8.4.<br />
Use semicolons to separate actions. Use parentheses to contain comments or<br />
conditions.<br />
Create file<br />
vi filename (file does not already exist)<br />
Open file<br />
vi filename (file already exists)<br />
Insert text<br />
I ; ; <br />
i ; ; <br />
O ; ; <br />
o ; ; <br />
A ; ; <br />
a ; ; <br />
Modify text<br />
cw ; ; <br />
dw<br />
dd<br />
x<br />
Save file<br />
ZZ<br />
Note: Not all sequences are shown. For the sake of brevity, not all operations are<br />
shown. In an actual specification, efforts should be made to show all operations and<br />
significant sequences of operations. In this example, each scenario represents only<br />
a part of the use. Alternatively, each scenario could run from open file to close file.<br />
8.4.3 STATE DIAGRAMS<br />
The details of state diagrams were covered in Chapter 2. When being used as part<br />
of the requirements specification, it is important that the states reflect domain<br />
conditions that are understandable to the users. States that are only significant<br />
to the implementation should be coalesced into domain significant states.<br />
Additionally, the allowed transitions must include all allowed transitions from<br />
the scenarios. Sequences that are not intended in the proposed system should
116<br />
not be allowed in the state diagram. This may be difficult, since the existence of a<br />
transition in a scenario does not prohibit other transitions.<br />
The following are rules for using state diagrams in requirement specifications:<br />
1. All states must be domain significant.<br />
2. All sequences from scenarios must be allowed.<br />
3. All prohibited scenarios must not be allowed.<br />
EXAMPLE 8.6<br />
Draw a state diagram for the simple vi-like editor.<br />
See Fig. 8-5.<br />
vi <br />
ZZ<br />
cmd<br />
mode<br />
This state diagram is built by using understanding of the program to coalesce the<br />
states into states that have domain relevance. This diagram represents well to the<br />
user the behavior of the proposed simple vi-like editor.<br />
8.5 Data Dictionary<br />
A,a,I,i,O,o<br />
<br />
A data dictionary is a table of information about each data element in the system.<br />
Initially, in the requirements phase the data dictionary will be the data items from<br />
the problem domain.<br />
A typical entry will include the name of the item, in which class it is located, the<br />
type of the data item, and the semantics of the item.<br />
EXAMPLE 8.7<br />
Build a data dictionary for the library problem in Example 2.6.<br />
Name Class Type Size Semantics<br />
CHAPTER 8 Requirements<br />
input<br />
mode<br />
<br />
Fig. 8-5. State diagram for simple, vi-like editor.<br />
Author Book String < 40 char Last name, first name<br />
(may be truncated)<br />
Book Book Object Abstract concept of the book<br />
Book ID Copy Key Key to info about the book<br />
Borrower Loan Key Key to patron who made this<br />
loan<br />
Copy Copy Object Library’s physical copy of a<br />
book
CHAPTER 8 Requirements 117<br />
Copy ID Copy Key Key to physical copy being<br />
borrowed<br />
ISBN Book String 10-20 char International Standard Book<br />
Number<br />
Loan Loan Object A borrowing that is still<br />
active<br />
Name Patron String < 40 char Last name, first name<br />
(may be truncated)<br />
Patron Patron Object Registered holder of library<br />
card<br />
Title Book String < 50 char First 50 char of title from<br />
title page<br />
8.6 System Diagrams<br />
A system diagram is a nonformally defined diagram used to give an overview of a<br />
proposed system. It is often used when the more formally defined diagrams are too<br />
limited to express the necessary overview. System diagrams usually incorporate<br />
aspects of data flow and use case diagrams. They usually have ovals representing<br />
processing parts of the system, data objects representing files and/or databases,<br />
boxes representing data, and stick figures representing persons. Arcs are used to<br />
show the flow into and out of functions. A challenge with systems diagrams is to<br />
maintain consistency in the use of symbols and to give sufficient details.<br />
EXAMPLE 8.8<br />
Draw a system diagram for the simple vi-like editor.<br />
See Fig. 8-6.<br />
User<br />
Insert<br />
text<br />
Create<br />
file<br />
Working<br />
file<br />
Modify<br />
text<br />
Save<br />
file<br />
Open<br />
file<br />
Fig. 8-6. System diagram for simple, vi-like editor.<br />
EXAMPLE 8.9<br />
Draw a system diagram for a testing tool that instruments a source code, compiles<br />
the instrumented code, executes that code with test cases, and then analyzes the<br />
results.<br />
See Fig. 8-7. Note that the output from the compiler process is another process.<br />
File
118<br />
Test cases<br />
Test coverage<br />
analysis<br />
Source file<br />
Instrumentor<br />
Compiled<br />
code<br />
Analyzer<br />
8.7 IEEE Standard for Software Requirements<br />
Specification<br />
The following SRS outline is based on IEEE 830-1993:<br />
CHAPTER 8 Requirements<br />
Instrumented<br />
code<br />
Fig. 8-7. System diagram for testing tool.<br />
Compiler<br />
Output<br />
1. Introduction—This section is intended to provide an overview of the rest of<br />
the specification.<br />
1.1 Purpose—This section must describe the purpose of the SRS and the<br />
intended audience.<br />
1.2 Scope—This section must identify the product, explain what the<br />
product will and will not do, and describe the application of the<br />
software, including benefits, objectives, and goals.<br />
1.3 Definitions—This section must identify all terms, acronyms, and<br />
abbreviations used in the specification.<br />
1.4 References—This section must identify all documents referenced elsewhere<br />
in the specification.<br />
1.5 Overview—This section must describe what the rest of document contains.<br />
2. Overall Description—This section is intended to provide the background to<br />
understand the rest of the requirements.<br />
2.1 Product Perspective—This section must put the product into perspective<br />
with other products. It will usually include a block diagram of the<br />
larger system. It should specify constraints (e.g., system interfaces<br />
with other software), user interfaces (e.g., screen formats, timing),<br />
hardware interfaces, software interfaces (e.g., versions of interfaced<br />
software), memory constraints, operations (e.g., modes of operations),<br />
and site adaptation constraints.<br />
TEAMFLY
CHAPTER 8 Requirements 119<br />
2.2 Product Functions—This section must include a summary of the<br />
major functions of the product.<br />
2.3 User Characteristics—This section must include the educational level,<br />
experience, and technical expertise of the users.<br />
2.4 Constraints—This section must include any other (e.g., regulatory)<br />
constraint that is not covered in Section 2.1.<br />
2.5 Assumptions and Dependencies—This section must include any assumptions<br />
that, if not true, would require changes to the requirements.<br />
2.6 Apportioning of Requirements—This section must identify requirements<br />
that may be delayed to future versions of the product.<br />
3. Specific Requirements—According to IEEE Standard 830: ‘‘This section of<br />
the SRS should contain all the software requirements to a level of detail<br />
sufficient to enable designers to design a system to satisfy those requirements,<br />
and testers to test that the system satisfies those requirements.’’ This<br />
is an important criteria to remember: The SRS should be sufficiently<br />
detailed so designs and tests can be constructed directly from the SRS.<br />
Also, according to IEEE Standard 830: ‘‘These requirements should<br />
include at a minimum a description of every input (stimulus) into the system,<br />
every output (response) from the system and all functions performed<br />
by the system in response to an input or in support of an output.’’<br />
3.1 External Interface Requirements—This section must describe all<br />
inputs and outputs of the system. This is detailing the information<br />
from Section 2.1<br />
3.2 Functions—This section must describe all the functions of the system.<br />
These must include validity checks on inputs, responses to abnormal<br />
situations, effect of parameters, and the relationship of outputs to<br />
inputs.<br />
3.3 Performance Requirements—This section must describe the static and<br />
dynamic requirements.<br />
3.4 Design Constraints—This section must describe any constraints on the<br />
design.<br />
Review Questions<br />
1. What is the advantage of a DFD over other diagrams?<br />
2. What is the purpose of behavior specifications and diagrams in requirement specifications?<br />
3. What functions are important to include in use case diagrams?
120<br />
4. What criteria should be used to evaluate scenarios?<br />
5. What criteria should be used to evaluate state diagrams?<br />
6. What is the advantage of a system diagram?<br />
7. What can be a major problem with system diagrams?<br />
Problems<br />
1. Draw an object model for the B&B problem (see Problem 4.3).<br />
2. Draw an object model for the dental office problem (see Problem 4.2).<br />
3. Draw a DFD for the B&B system (see Problem 4.3).<br />
4. Draw a DFD for the dental office system (see Problem 4.2)<br />
5. Draw a use case diagram for the B&B problem (see Problem 4.3).<br />
6. Draw a use case diagram for the dental office problem (see Problem 4.2).<br />
7. Write scenarios for the B&B problem (see Problem 4.3).<br />
8. Write scenarios for the dental office problem (see Problem 4.2).<br />
9. Draw a state diagram for the B&B problem as a whole (see Problem 4.3).<br />
10. Draw a state diagram for the data item reservation in the B&B problem (see Problem<br />
4.3).<br />
11. Draw a state diagram for the dental office problem (see Problem 4.2).<br />
12. Draw a system diagram for the B&B system (see Problem 4.3).<br />
13. Draw a system diagram for the dental office system (see Problem 4.2).<br />
Answers to Review Questions<br />
CHAPTER 8 Requirements<br />
1. What is the advantage of a DFD over other diagrams?<br />
The data flow through the system and the specific data that is available to each process<br />
are clearly shown.<br />
2. What is the purpose of behavior specifications and diagrams in requirement specifications?<br />
The purpose is to communicate an overview of the proposed system to the user to<br />
ensure mutual understanding of the overall behavior of the proposed system.
CHAPTER 8 Requirements 121<br />
3. What functions are important to include in use case diagrams?<br />
The important functions are those critical functions that convey the required functionality.<br />
4. What criteria should be used to evaluate scenarios?<br />
Every significant sequence of functions needs to be shown from the user’s point of view.<br />
5. What criteria should be used to evaluate state diagrams?<br />
State diagrams need to show all possible transitions. Every arc in the diagram needs to<br />
have an event that caused the transition. There must also be a path from the start node<br />
to every node and from every node to a terminal node.<br />
6. What is the advantage of a system diagram?<br />
Being less formal, it can be more flexible in expressing ideas about the overall system.<br />
7. What can be a major problem with system diagrams?<br />
The lack of formality can lead to ambiguous diagrams with one symbol being used for<br />
different ideas.<br />
Answers to Problems<br />
1. Draw an object model for the B&B problem (see Problem 4.3).<br />
See Fig. 8-8.<br />
2. Draw an object model for the dental office problem (see Problem 4.2).<br />
See Fig. 8-9.<br />
customer<br />
make res.<br />
cancel<br />
arrive<br />
check out<br />
B&B<br />
reservation<br />
date<br />
Fig. 8-8. B&B object model.<br />
date
122<br />
3. Draw a DFD for the B&B system (See Problem 4.3).<br />
See Fig. 8-10.<br />
4. Draw a DFD for the dental office system (see Problem 4.2).<br />
See Fig. 8-11.<br />
patient<br />
name<br />
make appt.<br />
cancel<br />
Date Avail. date<br />
Name<br />
Expenses<br />
Payments<br />
Check date<br />
Record<br />
expenses<br />
Record<br />
payments<br />
dentist<br />
appointment<br />
procedures<br />
Fig. 8-9. Dental office object model.<br />
Make<br />
reservations<br />
Reservations<br />
& expenses<br />
file<br />
CHAPTER 8 Requirements<br />
daily sched.<br />
Date Answer<br />
query<br />
Availability<br />
Date<br />
Name<br />
Date<br />
Check date<br />
Check patient<br />
data<br />
Finances<br />
date<br />
Generate<br />
res. list<br />
Report<br />
finances<br />
Fig. 8-10. Data flow diagram for B&B.<br />
Avail. date<br />
Patient<br />
data<br />
Make<br />
appointment<br />
Appointment<br />
file<br />
Patient<br />
records<br />
Generate<br />
schedules<br />
Answer<br />
query<br />
Fig 8-11. Data flow diagram for dental office.<br />
Confirmation<br />
Daily reservations<br />
Weekly schedule<br />
Finance report<br />
Confirmation<br />
Daily schedule<br />
Weekly schedule<br />
Availability
CHAPTER 8 Requirements 123<br />
5. Draw a use case diagram for the B&B problem (see Problem 4.3).<br />
See Fig. 8-12.<br />
Owner<br />
6. Draw a use case diagram for the dental office problem (see Problem 4.2).<br />
See Fig. 8-13.<br />
Clerk<br />
7. Write scenarios for the B&B problem (see Problem 4.3).<br />
Customer Call 1:<br />
Customer calls about availability on a specified date.<br />
Sue brings up calendar for that week.<br />
There is a vacancy.<br />
Sue quotes a price.<br />
Sue gets name, address, telephone number, and credit card number.<br />
Sue enters information.<br />
Customer provides credit card to guarantee reservation.<br />
Customer Call 2:<br />
Make<br />
reservation<br />
Enter<br />
payments<br />
Cancel<br />
reservation<br />
Customer calls about availability on a specified date.<br />
Sue brings up calendar for that week.<br />
There are no vacancies.<br />
Analyze<br />
expenses<br />
Fig. 8-12. Use case diagram for B&B.<br />
Make<br />
appointment<br />
Cancel<br />
appointment<br />
Query<br />
appointments<br />
Print<br />
daily, weekly<br />
schedule<br />
Fig. 8-13. Use case diagram for dental office.<br />
Print<br />
weekly<br />
schedule<br />
Enter<br />
expenses<br />
Access<br />
patient<br />
records<br />
Dentist
124<br />
Customer Call 3:<br />
Customer calls about availability on a specified date.<br />
Sue brings up calendar for that week.<br />
There is a vacancy.<br />
Sue quotes a price.<br />
Sue gets name, address, telephone number, and credit card number.<br />
Sue enters information.<br />
Customer guarantees reservation.<br />
Reserve by date passes.<br />
Another customer requests that date.<br />
Nonguaranteed reservation is removed.<br />
8. Write scenarios for the dental office problem (Problem 4.2).<br />
1—Normal<br />
A patient calls for an appointment. The patient’s name is recognized by the system.<br />
The system suggests a time. The patient accepts that time, and the receptionist enters<br />
the appointment. Two days before the appointment, the receptionist gets a reminder<br />
list with the patient’s name and phone number. The receptionist calls to remind the<br />
patient. The patient comes for the appointment. After the appointment, the dental<br />
assistant schedules the patient’s next appointment.<br />
2—New Patient<br />
A patient calls for an appointment. The patient’s name is not recognized by the system.<br />
The patient must be entered into the patient records system.<br />
3—Multiple Appointments<br />
A patient calls and wants to make 6-month appointments for the next 2 years. The<br />
receptionist enters his name into the system and, when it is accepted, enters the agreed<br />
upon appointments.<br />
9. Draw a state diagram for the B&B problem as a whole (see Problem 4.3).<br />
See Fig. 8-14.<br />
Quit<br />
Start<br />
Start<br />
Date entered<br />
Confirmed<br />
CHAPTER 8 Requirements<br />
Date<br />
found<br />
Enter expense,<br />
enter payment,<br />
cancel reservation<br />
Fig. 8-14. State diagram for entire B&B problem.<br />
Name entered<br />
Reservation<br />
set
CHAPTER 8 Requirements 125<br />
10. Draw a state diagram for the data item reservation in the B&B problem (see Problem<br />
4.3).<br />
See Fig. 8-15.<br />
Create<br />
reservation<br />
11. Draw a state diagram for the dental office problem (see Problem 4.2).<br />
See Fig. 8-16.<br />
12. Draw a system diagram for the B&B system (see Problem 4.3).<br />
User<br />
Quit<br />
Start<br />
Start<br />
See Fig. 8-17.<br />
Not<br />
guaranteed<br />
Time<br />
elapsed<br />
Guarantee<br />
Cancel or<br />
forfeit guarantee<br />
Guaranteed<br />
Guest<br />
checkout<br />
Fig. 8-15. State diagram for data item reservation.<br />
Enter valid<br />
name<br />
Patient record<br />
found and<br />
possible appt.<br />
Confirmation returned<br />
Enter invaild name, query date,<br />
query by name, print schedule,<br />
delete appt.<br />
Fig. 8-16. State diagram for dental office.<br />
Reservation<br />
request<br />
Query for<br />
date<br />
Availability<br />
Make<br />
reservation<br />
Query<br />
Reservation<br />
file<br />
Generate<br />
schedule<br />
Fig. 8-17. System diagram for B&B.<br />
Guest arrive<br />
Confirm<br />
appt<br />
Enter<br />
expenses<br />
Active<br />
Appointment<br />
made<br />
Analyze<br />
expenses Expense<br />
report<br />
Schedule<br />
report<br />
Owners
126<br />
13. Draw a system diagram for the dental office system (see Problem 4.3).<br />
User<br />
See Fig. 8-18.<br />
Patient<br />
name and<br />
date/time<br />
Possible<br />
appointment<br />
Date<br />
Schedule<br />
Appointment<br />
tool<br />
Set<br />
appointment<br />
Query<br />
Patient<br />
records<br />
Appointment<br />
file<br />
CHAPTER 8 Requirements<br />
Schedule<br />
tool<br />
Fig. 8-18. System diagram for dental office.<br />
Daily<br />
schedule<br />
Weekly<br />
schedule<br />
Dentist
Software Design<br />
9.1 Introduction<br />
Design is ‘‘the process of applying various techniques and principles for the purpose<br />
of defining a device, a process, or a system in sufficient detail to permit its<br />
physical realization.’’ 1 Design is also the most artistic or creative part of the software<br />
development process. Few rules can be written to guide design.<br />
The design process converts the ‘‘what’’ of the requirements to the ‘‘how’’ of the<br />
design. The results of the design phase should be a document that has sufficient<br />
detail to allow the system to be implemented without further interaction with<br />
either the specifier or the user.<br />
The design process also converts the terminology from the problem space of the<br />
requirements to the solution space of the implementation. Some authors talk<br />
about object-oriented analysis (OOA) objects, which are in the problem/domain<br />
space, and object-oriented design (OOD) objects, which are in the solution/implementation<br />
space. For example, in the problem space we can talk about a realworld<br />
object like a person; in the solution space we can talk about a Cþþ class<br />
called person.<br />
Gunter et al. 2 write about the phenomenon in the environment (world) and the<br />
phenomenon in the implementation (machine). A phenomenon can be visible or<br />
hidden. The user-oriented requirements may be expressed in terms of the phenomenon,<br />
hidden or visible, from the environment. However, the specification that will<br />
be used as the basis for development must sit between the environment and the<br />
implementation and must be expressed in terms of a visible phenomenon from<br />
each. This specification is the starting point for design and will be called the<br />
development specification in this book.<br />
1 Taylor, An Interim Report of Engineering Design, MIT, 1959.<br />
2<br />
Gunter, Gunter, Jackson, and Zave, ‘‘A Reference Model for Requirements and Specifications,’’ IEEE<br />
Software, May/June 2000, 37–43.<br />
Copyright 2002 The McGraw-Hill Companies, Inc. Click Here for Terms of Use.<br />
127
128<br />
EXAMPLE 9.1<br />
A robot is required to find specific brands of pop cans using a black-and-white<br />
camera and to return the cans to a recycling location. Such a statement can be the<br />
user-oriented requirements and consists of a phenomenon from the environment.<br />
However, the pop cans are hidden phenomenon in the environment. That is, the<br />
implementation will not know about pop cans; it will know about black-and-white<br />
images of pop cans. This is the visible phenomenon. When the specification that<br />
will be used as the starting point for design is written, it needs to talk in terms of<br />
these images. It will be assumed (and may need to be verified) that only real pop<br />
cans will give those images. For example, the problem will be much more difficult if<br />
the walls of the environment are covered with ads that contain images of pop cans.<br />
EXAMPLE 9.2<br />
Identify which phenomenon is in the environment and which is in the<br />
implementation in the library system.<br />
The physical book is an environment-hidden phenomenon. The system never<br />
knows about the book. When the librarian scans the book, he or she is really<br />
scanning a bar code. This bar code is not the ISBN but has to reflect possible<br />
multiple copies of a single book. This bar code is environment-visible. The<br />
implementation probably uses a different identifier or pointer for the book data. This<br />
internal identifier is implementation-hidden.<br />
The specification for development needs to be written in terms of the bar code<br />
on the book. Neither the physical book nor the internal identifier should be<br />
mentioned in the development specification.<br />
9.2 Phases of the DesignProcess<br />
The following are phases in design:<br />
TEAMFLY<br />
CHAPTER 9 Software Design<br />
Data design—This phase produces the data structures.<br />
Architectural design—This phase produces the structural units (classes).<br />
Interface design—This phase specifies the interfaces between the units.<br />
Procedural design—This phase specifies the algorithms of each method.<br />
EXAMPLE 9.3<br />
Design the library classes/data structures from the data items in the object model<br />
shown in Fig. 9-1 for the library problem (see Examples 8.1 and 2.6).<br />
The data design and the architectural phases have been combined in this<br />
example. The concentration in this example is on the loan and checkout<br />
functionality, with little regard for the other necessary tasks, such as administration,<br />
cataloging, assigning overdue fines, retiring books, and patron maintenance.<br />
The domain entity ‘‘book’’ is probably not going to continue into the design. It will<br />
be combined with ‘‘copy’’ into a class/data structure that stores all the information<br />
about a copy. It will probably use the ISBN and a copy number as the unique<br />
identifier. The patron information will be stored in a second data structure. Each<br />
record is probably identified by an unique patron ID number. The loan information<br />
may or may not be a separate data structure. If borrowing information needs to be<br />
saved beyond the return of the book, then it had better be a separate class/data
CHAPTER 9 Software Design 129<br />
patron<br />
name<br />
structure. Otherwise, the patron ID can be part of the copy class/data structure<br />
along with the due date of the book.<br />
Note in Fig. 9-2 that many data items have been added that are more in the<br />
implementation/solution space than in the problem/domain space. It can be argued<br />
that ‘‘ISBN’’ is part of the problem space instead of the solution space, but many<br />
library systems do not allow normal users to search by ISBN.<br />
patron<br />
patronid<br />
name<br />
address<br />
loannumber list<br />
borrow<br />
return<br />
borrow<br />
return<br />
9.2.1 INTERFACES<br />
loan<br />
due date<br />
library<br />
book<br />
name<br />
An interface specification is a specification of the external behavior of a module. It<br />
should be complete enough so that the calling module knows exactly what the<br />
called module will do under any circumstance. It should also be complete enough<br />
so that the implementer knows exactly what information must be provided.<br />
The interface specifications in an OO model are often the signatures of the<br />
public methods and the semantics associated with the methods. Interfaces can<br />
also be specified as part of a formal specification of the behavior of the whole<br />
system.<br />
Interfaces can also be the invariants, preconditions, and post-conditions for a<br />
method.<br />
copy<br />
borrow<br />
check in<br />
Fig. 9-1. Object model for library.<br />
library<br />
borrow<br />
return<br />
loan<br />
loannumber<br />
isbn<br />
patronid<br />
status<br />
due date<br />
update status<br />
Fig. 9-2. Class diagram for library problem.<br />
bookcopy<br />
isbn<br />
copynumber<br />
title<br />
author<br />
status<br />
loannumber<br />
borrow<br />
check in
130<br />
EXAMPLE 9.4<br />
Design the interfaces for the borrow functions of the library problem using the<br />
class diagram produced in Example 9.3.<br />
Both patron and bookcopy have ‘‘borrow’’ methods. Presumably, calling one<br />
or the other of these two methods creates the instance of loan. It is not clear from<br />
the class diagram which method creates the instance. However, it might be clear if<br />
the parameters and return type of each of these methods are specified.<br />
method patron::borrow<br />
input parameters – isbn<br />
return type – int<br />
0 if book is not available<br />
1 if book is available and loan instance created successfully<br />
-1 if error condition<br />
method bookcopy::borrow<br />
input parameter – loannumber<br />
return type – int<br />
0 if bookcopy is not available<br />
1 if bookcopy updated successfully<br />
9.3 DesignConcepts<br />
Two approaches to design are known as refinement and modularity:<br />
Refinement—This design approach develops the design by successively refining<br />
levels of detail. Sometimes this is called ‘‘top-down’’ design.<br />
Modularity—This is a structuring approach that divides the software into<br />
smaller pieces. All the pieces can be integrated to achieve the problem<br />
requirements.<br />
EXAMPLE 9.5<br />
Refine the borrow book function from the library problem.<br />
The top level starts with a function borrow book with two parameters, the title<br />
of the book and the name of the patron.<br />
The next refinement adds the notion of the loan entity. It probably has the<br />
following parts: find book given book title, find the patron given patron name, and<br />
create loan instance given IDS of book and patron.<br />
The next refinement expands each part. Find book returns ISBN if book is<br />
found and available, returns zero if book is not found, and returns –1 if book is in<br />
use. Find patron returns patron ID if patron is found and is in good standing,<br />
returns zero if patron not found, and returns –1 if patron is not eligible to borrow<br />
books. Create loan returns 1 if created successfully.<br />
9.3.1 ATTRIBUTES OF DESIGN<br />
Three design attributes are as follows:<br />
CHAPTER 9 Software Design<br />
Abstraction—An object is abstract if unnecessary details are removed.<br />
Similarly, abstraction in art tries to convey an image with just a few details.
CHAPTER 9 Software Design 131<br />
Abstraction in software design tries to let the designer focus on the essential<br />
issues without regard to unnecessary low-level details. Good abstraction<br />
hides the unnecessary details.<br />
Cohesion—A material is cohesive if it sticks together. A procedure is cohesive if<br />
all the statements in the procedure are related to every output. A class is<br />
cohesive if all the attributes in the class are used by every method. That is,<br />
cohesion in a module is achieved if everything is related. High cohesion is<br />
generally considered desirable.<br />
Originally, cohesion was defined in terms of types of cohesion. 3 The types<br />
included coincidental, logical, temporal, procedural, communicational,<br />
sequential, and functional. Temporal cohesion was when all functions were<br />
grouped together, since they had to be performed at the same time. Logical<br />
cohesion was when the functions logically belonged together.<br />
Coupling—Coupling is a measure of how interconnected modules are. Two<br />
modules are coupled if a change to a variable in one module may require<br />
changes in the other module. Usually the lowest coupling is desirable.<br />
EXAMPLE 9.6<br />
Evaluate the abstraction in the borrow functionality in the library problem.<br />
The borrow function appears in three classes: library, patron, and<br />
bookcopy. The best abstraction is if the borrow function in library knows as few<br />
details about the patron and bookcopy functions as possible. For example, does<br />
the borrow function need to know about the loan class?<br />
As shown in Fig. 9-3, if the borrow function in library just calls the borrow<br />
function in one of the lower levels, then it has good abstraction. That lower class<br />
will be handle the details of creating the loan instance and passing the pointer to<br />
the other lower-level class.<br />
library<br />
borrow<br />
bookcopy<br />
borrow<br />
patron loan<br />
create<br />
borrow<br />
Fig. 9-3<br />
If, however, the borrow function in library knows about the loan class, it<br />
can check the availability of the book, create the loan instance, and call both<br />
lower-level borrow functions to set the values of the loan instance. (See Fig. 9-<br />
4.)<br />
3 W. Stevens, G. Myers, and L. Constantine, ‘‘Structured Design,’’ IBM Systems Journal, 13 #2, 1974, 115–139.
132<br />
The version in Fig. 9.5 does not have good abstraction. That is, the details of the<br />
lower-level classes have not been hidden from the borrow function in library.<br />
9.4 Measuring Cohesion<br />
9.4.1 PROGRAM SLICES<br />
CHAPTER 9 Software Design<br />
library<br />
borrow<br />
bookcopy patron loan<br />
findstatus<br />
borrow<br />
borrow<br />
Fig. 9-4<br />
create<br />
library<br />
borrow<br />
bookcopy<br />
borrow<br />
patron loan<br />
borrow<br />
create<br />
Fig. 9-5. Borrow interaction diagram—version 1.<br />
The values of variables in a program depend on the values of other variables.<br />
There are two basic dependencies: data dependencies, where the value of x affects<br />
the value of y through definition and use pairs, and control dependencies, where<br />
the value of x determines whether code that contains definitions of y executes.<br />
EXAMPLE 9.7 MULTIPLICATION BY REPEATED ADDITION<br />
The following code calculates the product of x and y. The output variable z has a<br />
data dependency on the variable x, since x is added to z. The output z has a<br />
control dependency on the variable y, since y controls how many times x is added<br />
to z.
CHAPTER 9 Software Design 133<br />
z=0;<br />
while x > 0 do<br />
z=z+y;<br />
x=x–1;<br />
end-while<br />
Program slices can be calculated from either direction. An output slice finds<br />
every statement that affects the value of the specified output. An input slice finds<br />
every statement that is affected by the value of the specified input.<br />
It is easier to calculate the program slices from a directed graph that has a set of<br />
nodes, n, where each node is an input, an output, or a statement in the code. The<br />
arcs, e, are the dependencies.<br />
James Bieman and Linda Ott 4 have used variable definitions and references as<br />
the basic units instead of program statements. These definitions and references are<br />
called tokens. Thus, every constant reference, variable reference, and variable<br />
definition is a separate token.<br />
EXAMPLE 9.8<br />
Draw a directed graph showing the dependencies between the variables in the<br />
code in Example 9.7. Use solid lines for data dependencies and dashed lines for<br />
control dependencies.<br />
From the graph in Fig. 9-6, we can see that the output slice will start from the<br />
only output, z. The tokens z, z, y, z, and 0 from the statements z=z+y and z=0<br />
are added to the slice. Next, the tokens x and 0 are added from the statement<br />
while x> 0.Next, the tokens, x, x, and 1 from the statement x=x+1 are added.<br />
This exhausts the statements, so everything in this program is in the output slice<br />
for the variable z.<br />
z<br />
z = 0<br />
0 x<br />
z = z + y<br />
while x > 0<br />
Fig. 9-6<br />
x = x _ 1<br />
An input slice can start with the input variable x. The tokens x, 0,x, x, and 1<br />
from the statements while x>0 and x=x-1 are added to the slice. Next, the<br />
tokens, z, z, and y from the statement z=z+y are added. No other tokens can be<br />
added. Thus, the input slice is everything except z=0.<br />
An input slice for the variable y will only contain the initial y token and the<br />
tokens z and y from the statement z=z+y.<br />
4 James Bieman and Linda Ott, ‘‘Measuring Functional Cohesion,’’ IEEE TOSE, 20:8 August 1994, 644–657.<br />
y<br />
1
134<br />
9.4.2 GLUE TOKENS<br />
Bieman and Ott also defined some cohesion metrics using output slices. The<br />
definitions are based on glue tokens, which are tokens (code sections) that are in<br />
more than one slice, and superglue tokens, which are in all slices. Adhesiveness of a<br />
token is the percentage of output slices in a procedure that contains the token.<br />
There are three functional cohesion measures:<br />
Weak functional cohesion (WFC)—The ratio of glue tokens to total tokens<br />
Strong functional cohesion (SFC)—The ratio of superglue tokens to total tokens<br />
Adhesiveness (A)—The average adhesiveness of all tokens<br />
EXAMPLE 9.9<br />
Calculate the functional cohesion measures for the following code fragment.<br />
cin >> a >> b;<br />
int x,y,z;<br />
x=0; y=1; z=1;<br />
if (a > b){<br />
x = a*b;<br />
while (10 > a){<br />
y=y+z;<br />
a=a+5;<br />
}<br />
else {<br />
x=x+b;<br />
}<br />
CHAPTER 9 Software Design<br />
Fig. 9-7 shows each token from the code. The arcs are drawn from each token<br />
to all tokens that are immediately affected by the value of that token.<br />
10<br />
y<br />
a<br />
x<br />
= 0 y = 1 z =<br />
a > b<br />
x<br />
b 0<br />
= x b<br />
x = a<br />
a<br />
a = a<br />
x<br />
a<br />
z<br />
b<br />
y = y z<br />
Fig. 9-7. Directed graph showing all the dependencies.<br />
10<br />
><br />
5<br />
1<br />
5<br />
1
CHAPTER 9 Software Design 135<br />
See Fig. 9-8.<br />
a<br />
y<br />
10<br />
y<br />
axy<br />
a<br />
x<br />
a<br />
axy<br />
a<br />
axy<br />
b<br />
x y y zy zy<br />
= 0 y = 1 z = 1<br />
x<br />
axy<br />
b<br />
x<br />
x<br />
x<br />
x<br />
=<br />
There are no superglue tokens, so the strong functional cohesion (SFC) is equal<br />
to zero. Out of 31 tokens, there are 12 glue tokens, so the weak functional<br />
cohesion is 12/31 or 0.387.<br />
There are four slices. Zero tokens have 100 percent adhesiveness. Four tokens<br />
are on three slices, so they have 75 percent adhesiveness. Eight tokens are on<br />
two slices, so they have 50 percent adhesiveness. The remaining tokens, 19, are<br />
on only one slice, so they have 25 percent adhesiveness.<br />
Adhesiveness is the average adhesiveness of all tokens, so<br />
ð4 0:75 þ 8 0:50 þ 19 0:25Þ=31 ¼ 11:25=31 ¼ 0:363.<br />
x<br />
x<br />
x<br />
= a<br />
9.5 Measuring Coupling<br />
Coupling is a measure of how closely tied are two or more modules or classes. In<br />
particular, a coupling metric should indicate how likely would it be that a change<br />
to another module would affect this module. Many coupling metrics have been<br />
proposed.<br />
The basic form of a coupling metric is to establish a list of items that cause one<br />
module to be tied to the internal workings of another module.<br />
x<br />
0<br />
x<br />
b<br />
ay ay<br />
10 > a<br />
y y y<br />
y = y z<br />
ay ay ay<br />
a = a 5<br />
x<br />
x<br />
b<br />
a<br />
a<br />
z<br />
zy<br />
1<br />
Fig. 9-8. Annotated tokens showing the slices on which the tokens occur.<br />
a<br />
z<br />
5
136<br />
Dharma’s Module Coupling<br />
Dharma 5 proposed a metric with the following list of situations to be counted:<br />
di = Number of input data parameters<br />
ci = Number of input control parameters<br />
do = Number of output data parameters<br />
co = Number of output control parameters<br />
gd = Number of global variables used as data<br />
gc = Number of global variables used as control<br />
w = Number of modules called (fan-out)<br />
r = Number of modules calling this module (fan-in)<br />
Dharma’s module coupling indicator is the inverse of the sum of the preceding<br />
items times a proportionality constant:<br />
mc ¼ k=ðdi þ 2 ci þ do þ 2 co þ gd þ 2 gc þ w þ rÞ<br />
There are two difficulties with this metric. One is that an inverse means that the<br />
greater the number of situations that are counted, the greater the coupling that<br />
this module has with other modules and the smaller will be the value of mc. The<br />
other issue is that the parameters and calling counts offer potential for problems<br />
but do not guarantee that this module is linked to the inner workings of other<br />
modules. The use of global variables almost guarantees that this module is tied to<br />
the other modules that access the same global variables.<br />
9.6 Requirements Traceability<br />
Requirements traceability tries to link each requirement with a design element that<br />
satisfies the requirement. Requirements should influence design. If a requirement<br />
does not have a corresponding part of the design or a part of the design does not<br />
have a corresponding part in the requirements, there is a potential problem. Of<br />
course, some requirements do not have a specific part of the design that reflects the<br />
requirement, and some parts of the design may be so general that no part of the<br />
requirements requires that section.<br />
One approach to check traceability is to draw a matrix. On one axis will be<br />
listed all the requirements items, and on the other will be the list of design items. A<br />
mark will be placed at the intersection when a design item handles a requirement.<br />
EXAMPLE 9.10<br />
Draw a matrix showing the tracing of the requirements in the following description<br />
of the B&B problem and the design.<br />
Requirements:<br />
CHAPTER 9 Software Design<br />
5<br />
H. Dharma, ‘‘Quantitative Models of Cohesion and Coupling in Software,’’ Journal of Systems and Software,<br />
29:4, April 1995.
CHAPTER 9 Software Design 137<br />
Tom and Sue are starting a bed-and-breakfast in a small New England town. [1]<br />
They will have three bedrooms for guests. [2] They want a system to manage the<br />
[2.1] reservations and to monitor [2.2] expenses and profits. When a potential<br />
customer calls for a [3] reservation, they will check the [4] calendar, and if there is<br />
a [5] vacancy, they will enter [6.1] the customer name, [6.2] address, [6.3] phone<br />
number, [6.4] dates, [6.5] agreed upon price, [6.6] credit card number, and [6.7]<br />
room number(s). Reservations must be [7] guaranteed by [7.1] 1 day’s payment.<br />
Reservations will be held without guarantee for an [7.2] agreed upon time. If not<br />
guaranteed by that date, the reservation will be [7.3] dropped.<br />
Design:<br />
Class [A] B&B attributes: [A.1] day* daylist[DAYMAX];<br />
[A.2] reservation* reslist[MAX]; [A.3] transaction*<br />
translist[TRANSMAX]<br />
methods: [A.4] display calendar by week<br />
[A.5] display reservations by customer<br />
[A.6] display calendar by month<br />
Class [B] day attributes: [B.1] date thisdate<br />
[B.2] reservation* rooms[NUMBEROFROOMS]<br />
methods:[B.3] create(), [B.4] addreservation(),<br />
[B.5] deletereservation()<br />
Class [C] reservation attributes: [C.1]string name<br />
[C.2] string address [C.3] string creditcardnumber<br />
[C.4] date arrival [C.5] date guaranteeby<br />
[C.6] int numberofdays [C.7]int roomnumber<br />
methods: [C.8] create() [C.9] guarantee()<br />
[C.10] delete()<br />
Class [D] transaction attributes: [D.1] string name<br />
[D.2] date postingdate [D.3] float amount<br />
[D.4] string comments<br />
A A.1 A.2 A.3 A.4 A.5 A.6 B B.1 B.2 B.3 B.4 B.5 C C.1 C.2 C.3<br />
1 X<br />
2 X<br />
2.1 X X X X X X<br />
2.2 X<br />
3 X<br />
4 X X X<br />
5<br />
6.1 X
138<br />
1<br />
2<br />
2.1<br />
C.4 C.5 C.6 C.7 C.8 C.9 C.10 D D.1 D.2 D.3 D.4<br />
2.2 X<br />
3<br />
4<br />
5<br />
6.1<br />
6.2<br />
6.3<br />
6.4 X X<br />
6.5<br />
CHAPTER 9 Software Design<br />
6.2 X<br />
6.3<br />
6.4<br />
6.5<br />
6.6 X<br />
6.7<br />
7<br />
7.1<br />
7.2<br />
7.3<br />
TEAMFLY
CHAPTER 9 Software Design 139<br />
6.6<br />
6.7 X<br />
7 X<br />
7.1<br />
7.2 X<br />
7.3 X<br />
As shown in the tables above, there are a number of blank rows and blank<br />
columns. Requirement 5 is related to vacancies. There is not explicit handling of<br />
vacancies, although a vacancy should be the absence of a reservation on a<br />
particular date. Requirement 6.3 is the customer phone number, and it is missing.<br />
Requirement 6.5 is the agreed upon price, which is missing from the reservation<br />
information. Requirement 7.1 mentions the 1 day’s payment, which is also not in<br />
the attributes.<br />
Column A.1 is the daylist, which is included to help search for vacancies. B and<br />
B.1 are necessary but not specific to a requirement. C.8 is a constructor. D.1<br />
through D.4 are details of the transactions, which are neglected in the<br />
requirements.<br />
Review Questions<br />
1. Given the following design, indicate for the following ideas of coupling, cohesion, and<br />
abstraction whether it is desirable to have a high or low value and how this design<br />
exemplifies the term.<br />
Class college<br />
student* stulist[MAX]<br />
course* courselist[MAX]<br />
public:<br />
addStudent(char* studentname)<br />
addStudentToCourse(char* studentname, char*<br />
coursename)<br />
void displayStudent(char* studentname)<br />
void displayStudentsInCourse(char* coursename)<br />
Class course<br />
student* classroll[MAX]<br />
public:<br />
void displayStudents()
140<br />
Class student<br />
char* name<br />
public:<br />
void displayname()<br />
2. Why does Gunter restrict the terms/events that can be used in a specification? What is<br />
the difference between a user’s requirements and a specification?<br />
3. The proposed system is a face recognition based on image processing. The system will<br />
have a camera and is intended to prevent nonemployees from entering the company’s<br />
secret facilities by controlling the lock on the door. When a person tries to turn the<br />
door handle, the system takes an image and compares it with a set of images of current<br />
employees.<br />
Classify each of the following events as to whether the events are in the environment<br />
or in the system and whether the events are hidden or visible:<br />
1. A person tries to turn the door handles.<br />
2. The door is unlocked by the system.<br />
3. An employee lets a nonemployee through the door.<br />
4. An employee has an identical twin.<br />
5. An image has the minimal number of similarities for the matching algorithm.<br />
Problems<br />
1. Draw scenarios for the interaction between a customer trying to buy a particular music<br />
CD with cash and a clerk in the music store. Be sure to cover all possibilities. Use the<br />
state machine model with the events being the arcs.<br />
2. Calculate Bieman and Ott’s functional cohesion metrics for the following code segment.<br />
Draw a directed graph and show the flows.<br />
cin >> a >> b;<br />
int x,y,z;<br />
x=0; y=1; z=1;<br />
while (a > 0){<br />
x=x+b;<br />
z=z*b;<br />
if (a > b){<br />
y=y*a;<br />
}<br />
a=a-1;<br />
}<br />
cout
CHAPTER 9 Software Design 141<br />
Answers to Review Questions<br />
1. Given the following design, indicate for the following ideas of coupling, cohesion, and<br />
abstraction whether it is desirable to have a high or low value and how this design<br />
exemplifies the term.<br />
Class college<br />
student* stulist[MAX]<br />
course* courselist[MAX]<br />
public:<br />
addStudent(char* studentname)<br />
addStudentToCourse(char* studentname, char*<br />
coursename)<br />
void displayStudent(char* studentname)<br />
void displayStudentsInCourse(char* coursename)<br />
Class course<br />
student* classroll[MAX]<br />
public:<br />
void displayStudents()<br />
Class student<br />
char* name<br />
public:<br />
void displayname()<br />
Coupling—Low coupling is desirable, and this design has low coupling, since the<br />
college class has no knowledge of the internals of the other classes and the other<br />
classes do not need to know about college.<br />
Cohesion—High cohesion is desirable, and this has high cohesion, since each class just<br />
deals with its own attributes.<br />
Abstraction—The design shows good abstraction. For example, the display method in<br />
college does not include any details about lower-level display methods.<br />
2. Why does Gunter restrict the terms/events that can be used in a specification? What is<br />
the difference between a user’s requirements and a specification?<br />
Gunter says that a user’s requirements must be specified in terms/events that are<br />
known to the user and may include terms/events hidden to the machine, while a<br />
specification is designed to be the basis of the implementation and must be specified<br />
only in terms that are visible both to the machine and the world.<br />
3. The proposed system is a face recognition based on image processing. The system will<br />
have a camera and is intended to prevent nonemployees from entering the company’s<br />
secret facilities by controlling the lock on the door. When a person tries to turn the<br />
door handle, the system takes an image and compares it with a set of images of current<br />
employees.<br />
Classify each of the following events as to whether the events are in the environment<br />
or in the system and whether the events are hidden or visible:
142<br />
1. A person tries to turn the door handles. Environment Visible<br />
2. The door is unlocked by the system. System Visible<br />
3. An employee lets a nonemployee through the door. Environment Hidden<br />
4. An employee has an identical twin. Environment Hidden<br />
5. An image has the minimal number of similarities for the matching algorithm. System<br />
Hidden<br />
Answers to Problems<br />
1. Draw scenarios for the interaction between a customer trying to buy a particular music<br />
CD with cash and a clerk in the music store. Be sure to cover all possibilities. Use the<br />
state machine model with the events being the arcs.<br />
See Fig. 9-9.<br />
Customer<br />
enters store<br />
Customer<br />
doesn’t<br />
find CD<br />
Customer<br />
leaves store<br />
2. Calculate Bieman and Ott’s functional cohesion metrics for the following code segment.<br />
Draw a directed graph and show the flows.<br />
cin >> a >> b;<br />
int x,y,z;<br />
x=0; y=1; z=1;<br />
while (a > 0){<br />
x=x+b;<br />
z=z*b;<br />
if (a > b){<br />
y=y*a;<br />
}<br />
a=a-1;<br />
}<br />
cout
CHAPTER 9 Software Design 143<br />
See Fig. 9-10.<br />
See Fig. 9-11.<br />
a<br />
x<br />
axyz<br />
a<br />
x<br />
x<br />
x<br />
x<br />
x<br />
x<br />
144<br />
CHAPTER 9 Software Design<br />
There are 33 tokens. Four are superglue. Six (including the superglue tokens) are glue<br />
tokens. The weak functional cohesion (WFC) is 6=33 ¼ 18:2 percent. The strong<br />
functional cohesion (SFC) is 4=33 ¼ 12:1 percent. The adhesiveness is (4 1+2 0:7<br />
5 þ 27 0:25Þ=33 ¼ 12:25=33 ¼ 37:1 percent.<br />
This program calculates three separate quantities. It is not surprising that it scores<br />
low on the cohesion metrics.
Software Testing<br />
10.1 Introduction<br />
Software testing is the execution of the software with actual test data. Sometimes it<br />
is called dynamic software testing to distinguish it from static analysis, which is<br />
sometimes called static testing. Static analysis involves analyzing the source code<br />
to identify problems. Although other techniques are very useful in validating software,<br />
actual execution of the software with real test data is essential.<br />
10.2 Software Testing Fundamentals<br />
Exhaustive testing is the execution of every possible test case. Rarely can we do<br />
exhaustive testing. Even simple systems have too many possible test cases. For<br />
example, a program with two integer inputs on a machine with a 32-bit word<br />
would have 2 64 possible test cases (see Review Question 10.1). Thus, testing is<br />
always executing a very small percentage of the possible test cases.<br />
Two basic concerns in software testing are (1) what test cases to use (test case<br />
selection) and (2) how many test cases are necessary (stopping criterion). Test case<br />
selection can be based on either the specifications (functional), the structure of the<br />
code (structural), the flow of data (data flow), or random selection of test cases.<br />
Test case selection can be viewed as an attempt to space the test cases throughout<br />
the input space. Some areas in the domain may be especially error-prone and may<br />
need extra attention. The stopping criterion can be based on a coverage criterion,<br />
such as executing n test cases in each subdomain, or the stopping criterion can be<br />
based on a behavior criteria, such as testing until an error rate is less than a<br />
threshold x.<br />
A program can be thought of as a mapping from a domain space to an answer<br />
space or range. Given an input, which is a point in the domain space, the program<br />
produces an output, which is a point in the range. Similarly, the specification of<br />
the program is a map from a domain space to an answer space.<br />
Copyright 2002 The McGraw-Hill Companies, Inc. Click Here for Terms of Use.<br />
145
146<br />
A specification is essential to software testing. Correctness in software is defined<br />
as the program mapping being the same as the specification mapping. A good<br />
saying to remember is ‘‘a program without a specification is always correct.’’ A<br />
program without a specification cannot be tested against a specification, and the<br />
program does what it does and does not violate its specification.<br />
A test case should always include the expected output. It is too easy to look at<br />
an output from the computer and think that it is correct. If the expected output is<br />
different from the actual output, then the tester and/or user can decide which is<br />
correct.<br />
10.3 Test Coverage Criterion<br />
A test coverage criterion is a rule about how to select tests and when to stop<br />
testing. One basic issue in testing research is how to compare the effectiveness<br />
of different test coverage criteria. The standard approach is to use the subsumes<br />
relationship.<br />
10.3.1 SUBSUMES<br />
A test criterion A subsumes test coverage criterion B if any test set that satisfies<br />
criterion A also satisfies criterion B. This means that the test coverage criterion A<br />
somehow includes the criterion B. For example, if one test coverage criterion<br />
required every statement to be executed and another criterion required every<br />
statement to be executed and some additional tests, then the second criterion<br />
would subsume the first criterion.<br />
Researchers have identified subsumes relationships among most of the conventional<br />
criteria. However, although subsumes is a characteristic that is used for<br />
comparing test criterian, it does not measure the relative effectiveness of two<br />
criteria. This is because most criteria do specify how a set of test cases will be<br />
chosen. Picking the minimal set of test cases to satisfy a criterion is not as effective<br />
as choosing good test cases until the criterion is met. Thus, a good set of test cases<br />
that satisfy a ‘‘weaker’’ criterion may be much better than a poorly chosen set that<br />
satisfy a ‘‘stronger’’ criterion.<br />
10.3.2 FUNCTIONAL TESTING<br />
CHAPTER 10 Software Testing<br />
In functional testing, the specification of the software is used to identify subdomains<br />
that should be tested. One of the first steps is to generate a test case for every<br />
distinct type of output of the program. For example, every error message should<br />
be generated. Next, all special cases should have a test case. Tricky situations<br />
should be tested. Common mistakes and misconceptions should be tested. The<br />
result should be a set of test cases that will thoroughly test the program when it is<br />
implemented. This set of test cases may also help clarify to the developer some of<br />
the expected behavior of the proposed software.
CHAPTER 10 Software Testing 147<br />
In his classic book, 1 Glenford Myers poses the following functional testing<br />
problem: Develop a good set of test cases for a program that accepts three numbers,<br />
a, b, and c, interprets those numbers as the lengths of the sides of a triangle,<br />
and outputs the type of the triangle. Myers reports that in his experience most<br />
software developers will not respond with a good test set. I have found the same<br />
experience in using this example in software engineering classes. Some classes will<br />
even fail to include valid triangles in the test set.<br />
EXAMPLE 10.1<br />
For this classic triangle problem, we can divide the domain space into three<br />
subdomains, one for each different type of triangle that we will consider: scalene<br />
(no sides equal), isosceles (two sides equal), and equilateral (all sides equal). We<br />
can also identify two error situations: a subdomain with bad inputs and a<br />
subdomain where the sides of those lengths would not form a triangle. Additionally,<br />
since the order of the sides is not specified, all combinations should be tried.<br />
Finally, each test case needs to specify the value of the output.<br />
Subdomain Example Test Case<br />
Scalene:<br />
Increasing size (3,4,5—scalene)<br />
Decreasing size (5,4,3—scalene)<br />
Largest as second (4,5,3—scalene)<br />
Isosceles:<br />
a=b & other side larger (5,5,8—isosceles)<br />
a=c & other side larger (5,8,5—isosceles)<br />
b=c & other side larger (8,5,5—isosceles)<br />
a=b & other side smaller (8,8,5—isosceles)<br />
a=c & other side smaller (8,5,8—isosceles)<br />
b=c & other side smaller (5,8,8—isosceles)<br />
Equilateral:<br />
All sides equal (5,5,5—equilateral)<br />
Not a triangle:<br />
Largest first (6,4,2—not a triangle)<br />
Largest second (4,6,2—not a triangle)<br />
Largest third (1,2,3—not a triangle)<br />
Bad inputs:<br />
One bad input ( 1,2,4—bad inputs)<br />
Two bad inputs (3, 2, 5—bad inputs)<br />
Three bad inputs (0,0,0 – bad inputs)<br />
1 G. Myers, The Art of Software Testing, New York: John Wiley, 1979.
148<br />
This list of subdomains could be increased to distinguish other subdomains that<br />
might be considered significant. For example, in scalene subdomains, there are<br />
actually six different orderings, but the placement of the largest might be the most<br />
significant based on possible mistakes in programming.<br />
Note that one test case in each subdomain is usually considered minimal but<br />
acceptable.<br />
10.3.3 TEST MATRICES<br />
CHAPTER 10 Software Testing<br />
A way to formalize this identification of subdomains is to build a matrix using the<br />
conditions that we can identify from the specification and then to systematically<br />
identify all combinations of these conditions as being true or false.<br />
EXAMPLE 10.2<br />
The conditions in the triangle problem might be (1) a ¼ b or a ¼ c or b ¼ c, (2)<br />
a ¼ b and b ¼ c, (3) a < b þ c and b < a þ c and c < a þ b, and (4) a > 0 and<br />
b > 0 and c > 0. These four conditions can be put on the rows of a matrix. The<br />
columns of the matrix will each be a subdomain. For each subdomain, a T will be<br />
placed in each row whose condition is true and an Fwhen the condition is false. All<br />
Conditions 1 2 3 4 5 6 7 8<br />
a ¼ b or<br />
a ¼ c or<br />
b ¼ c<br />
a ¼ b and<br />
b ¼ c<br />
a ¼< b þ c<br />
or<br />
b ¼< a þ c<br />
or<br />
c ¼< a þ b<br />
a ¼> 0or<br />
b ¼> 0or<br />
c ¼> 0<br />
Sample test<br />
case<br />
Expected<br />
output<br />
T T T T T F F F<br />
TEAMFLY<br />
T T F F F F F F<br />
T F T T F T T F<br />
T F T F F T F F<br />
0,0,0 3,3,3 0,4,0 3,8,3 5,8,5 0,5,6 3,4,8 3,4,5<br />
Bad inputs Equilateral Bad inputs Not<br />
triangle<br />
Isosceles Bad inputs Not<br />
triangle<br />
Scalene
CHAPTER 10 Software Testing 149<br />
valid combinations of T and Fwill be used. If there are three conditions, there may<br />
be 2 3 ¼ 8 subdomains (columns). Additional rows will be used for values of a, b,<br />
and c and for the expected output for each subdomain.<br />
10.3.4 STRUCTURAL TESTING<br />
Structural testing is based on the structure of the source code. The simplest structural<br />
testing criterion is every statement coverage, often called C0 coverage. 2<br />
10.3.4.1 C0—Every Statement Coverage<br />
This criterion is that every statement of the source code should be executed by<br />
some test case. The normal approach to achieving C0 coverage is to select test<br />
cases until a coverage tool indicates that all statements in the code have been<br />
executed.<br />
EXAMPLE 10.3<br />
The following pseudocode implements the triangle problem. The matrix shows<br />
which lines are executed by which test cases. Note that the first three statements<br />
(A, B, and C) can be considered parts of the same node.<br />
Node Source Line 3,4,5 3,5,3 0,1,0 4,4,4<br />
A read a,b,c * * * *<br />
B type=‘‘scalene’’ * * * *<br />
C if(a==b||b==c||a==c) * * * *<br />
D type=‘‘isosceles’’ * * *<br />
E if(a==b&&b==c) * * * *<br />
F type=‘‘equilateral’’ *<br />
G if(a>=b+c||b>=a+c||c>=a+b) * * * *<br />
H type=‘‘not a triangle’’ *<br />
I if(a
150<br />
By the fourth test case, every statement has been executed. This set of test cases<br />
is not the smallest set that would cover every statement. However, finding the<br />
smallest test set would often not find a good test set.<br />
10.3.4.2 C1—Every-Branch Testing<br />
A more thorough test criterion is every-branchtesting, which is often called C1 test<br />
coverage. In this criterion, the goal is to go both ways out of every decision.<br />
EXAMPLE 10.4<br />
If we model the program of Example 10.3 as a control flow graph (see Chapter 2),<br />
this coverage criterion requires covering every arc in the control flow diagram. See<br />
Fig. 10-1.<br />
A,B,C<br />
E<br />
G<br />
I<br />
K<br />
Fig. 10-1. Control flow graph for<br />
Example 10.3.<br />
10.3.4.3 Every-Path Testing<br />
D<br />
F<br />
H<br />
J<br />
CHAPTER 10 Software Testing<br />
Arcs 3,4,5 3,5,3 0,1,0 4,4,4<br />
ABC–D * * *<br />
ABC–E*<br />
D–E* * *<br />
E–F *<br />
E–G * * *<br />
F–G *<br />
G–H *<br />
G–I * * *<br />
H–I *<br />
I–J *<br />
I–K * * *<br />
J–K *<br />
Even more thorough is the every-pathtesting criterion. A path is a unique sequence<br />
of program nodes that are executed by a test case. In the testing matrix (Example<br />
10.2) above, there were eight subdomains. Each of these just happens to be a path.<br />
In that example, there are sixteen different combinations of T and F. However,<br />
eight of those combinations are infeasible paths. That is, there is no test case that
CHAPTER 10 Software Testing 151<br />
could have that combination of T and F for the decisions in the program. It can be<br />
exceedingly hard to determine if a path is infeasible or if it is just hard to find a test<br />
case that executes that path.<br />
Most programs with loops will have an infinite number of paths. In general,<br />
every-path testing is not reasonable.<br />
EXAMPLE 10.5<br />
The following table shows the eight feasible paths in the triangle pseudocode from<br />
Example 10.3.<br />
Path T/F Test Case Output<br />
ABCEGIK FFFF 3,4,5 Scalene<br />
ABCEGHIK FFTF 3,4,8 Not a triangle<br />
ABCEGHIJK FFTT 0,5,6 Bad inputs<br />
ABCDEGIK TFFF 5,8,5 Isosceles<br />
ABCDEGHIK TFTF 3,8,3 Not a triangle<br />
ABCDEGHIJK TFTT 0,4,0 Bad inputs<br />
ABCDEFGIK TTFF 3,3,3 Equilateral<br />
ABCDEFGHIJK TTTT 0,0,0 Bad inputs<br />
10.3.4.4 Multiple-Condition Coverage<br />
Amultiple-condition testing criterion requires that each primitive relation condition<br />
is evaluated both true and false. Additionally, all combinations of T/F for the<br />
primitive relations in a condition must be tried. Note that lazy evaluation 3 of<br />
expressions will eliminate some combinations. For example, in an ‘‘and’’ of two<br />
primitive relations, the second will not be evaluated if the first one is false.<br />
EXAMPLE 10.6<br />
In the pseudocode in Example 10.3, there are multiple conditions in each decision<br />
statement. Primitives that are not executed because of lazyevaluation are shown<br />
with an ‘‘X’’.<br />
3 Acompiler does lazy evaluation when it does not generate code for tests that are not needed. For example, if<br />
the first condition of an ‘‘or’’ expression is true, the second condition does not need to be tested.
152<br />
if(a==b||b==c||a==c)<br />
if(a==b&&b==c)<br />
Combination Possible Test Case Branch<br />
TXX 3,3,4 ABC-D<br />
FTX 4,3,3 ABC-D<br />
FFT 3,4,3 ABC-D<br />
FFF 3,4,5 ABC-E<br />
Combination Possible Test Case Branch<br />
if(a>=b+c||b>=a+c||c>=a+b)<br />
TT 3,3,3 E-F<br />
TF 3,3,4 E-G<br />
FX 4,3,3 E-G<br />
Combination Possible Test Case Branch<br />
if(a
CHAPTER 10 Software Testing 153<br />
10.3.4.5Subdomain Testing<br />
Subdomain testing is the idea of partitioning the input domain into mutually<br />
exclusive subdomains and requiring an equal number of test cases from each<br />
subdomain. This was basically the idea behind the test matrix. Subdomain<br />
testing is more general in that it does not restrict how the subdomains are<br />
selected. Generally, if there is a good reason for picking the subdomains, then<br />
they may be useful for testing. Additionally, the subdomains from other<br />
approaches might be subdivided into smaller subdomains. Theoretical work<br />
has shown that subdividing subdomains is only effective if it tends to isolate<br />
potential errors into individual subdomains.<br />
Every-statement coverage and every-branch coverage are not subdomain<br />
tests. There are not mutually exclusive subdomains related to the execution<br />
of different statements or branches. Every-path coverage is a subdomain<br />
coverage, since the subdomain of test cases that execute a particular path<br />
through a program is mutually exclusive with the subdomain for any other<br />
path.<br />
EXAMPLE 10.7<br />
For the triangle problem, we might start with a subdomain for each output. These<br />
might be further subdivided into new subdomains based on whether the largest or<br />
the bad element is in the first position, second position, or third position (when<br />
appropriate).<br />
Subdomain Possible Test Case<br />
Equilateral 3,3,3<br />
Isos – first 8,5,5<br />
Isos – sec 5,8,5<br />
Isos – third 5,5,8<br />
Scalene – first 5,4,3<br />
Scalene – sec 4,5,3<br />
Scalene – third 3,4,5<br />
Subdomain Possible Test Case<br />
Not triangle – first 8,3,3<br />
Not triangle – sec 3,8,4<br />
Not triangle – third 4,3,8<br />
Bad input – first 0,3,4<br />
Bad input – sec 3,0,4<br />
Bad input – third 3,4,0
154<br />
10.3.4.6 C1 Subsumes C0<br />
EXAMPLE 10.8—C1 Subsumes C0<br />
For the triangle problem, in Example 10.3 we selected good test cases until we<br />
achieved the C0 coverage. The test cases were (3,4,5—scalene), (3,5,3—<br />
isosceles), (0,1,0—bad inputs), and (4,4,4—equilateral). These tests also covered<br />
four out the five possible outputs. However, we can achieve C1 coverage with two<br />
test cases: (3,4,5—scalene) and (0,0,0—bad inputs). This test is probablynot as<br />
good as the first test set. However, it achieves C1 coverage and it also achieves<br />
C0 coverage.<br />
10.4 Data Flow Testing<br />
CHAPTER 10 Software Testing<br />
Data flow testing is testing based on the flow of data through a program.<br />
Data flows from where it is defined to where it is used. A definition of data,<br />
or def, is when a value is assigned to a variable. Two different kinds of use<br />
have been identified. The computation use, or c-use, is when the variable<br />
appears on the right-hand side of an assignment statement. Ac-use is said<br />
to occur on the assignment statement. The predicate use, or p-use, is when<br />
the variable is used in the condition of a decision statement. Ap-use is<br />
assigned to both branches out of the decision statement. A definition free<br />
path, or def-free, is a path from a definition of a variable to a use of that<br />
variable that does not include another definition of the variable.<br />
EXAMPLE 10.9—Control Flow Graph of Triangle Problem (Example 10.3)<br />
The control flow graph in Fig. 10-2 is annotated with the definitions and uses of the<br />
variables a,b, and c.<br />
p-use a,b,c<br />
p-use a,b,c<br />
p-use a,b,c<br />
p-use a,b,c<br />
abc<br />
e<br />
g<br />
i<br />
k<br />
def a,b,c type<br />
c-use type<br />
p-use a,b,c<br />
p-use a,b,c<br />
p-use a,b,c<br />
p-use a,b,c<br />
d<br />
f<br />
h<br />
j<br />
def type<br />
def type<br />
def type<br />
def type<br />
Fig 10-2. Control flow graph of triangle problem.
CHAPTER 10 Software Testing 155<br />
There are many data flow testing criteria. The basic criteria include dcu, which<br />
requires a def-free path from every definition to a c-use; dpu, which requires a<br />
def-free path from every definition to a p-use; and du, which requires a def-free<br />
path from every definition to every possible use. The most extensive criteria is<br />
all-du-paths, which requires all def-free paths from every definition to every<br />
possible use.<br />
EXAMPLE 10.10—Data Flow Testing of Triangle Problem<br />
dcu—The onlyc-use is for variable type in node k (the output statement).<br />
From def type in node abc to node k Path abc,e,g,i,k<br />
From def type in node d to node k Path d,e,g,i,k<br />
From def type in node f to node k Path f,g,i,k<br />
From def type in node h to node k Path h,i,k<br />
From def type in node j to node k Path j,k<br />
dpu—The onlyp-use is for variables a,b,c and the onlydef of a,b,c is node abc.<br />
From node abc to arc abc-d<br />
From node abc to arc abc-e<br />
From node abc to arc e-f<br />
From node abc to arc e-g<br />
From node abc to arc g-h<br />
From node abc to arc g-i<br />
From node abc to arc i-j<br />
From node abc to arc i-k<br />
du—All defs to all uses.<br />
All test cases of dcu and dpu combined.<br />
all-du-paths—All def-free paths from all defs to all uses.<br />
Same as du tests.<br />
10.5Random Testing<br />
Random testing is accomplished by randomly selecting the test cases. This<br />
approach has the advantage of being fast and it also eliminates biases of the<br />
testers. Additionally, statistical inference is easier when the tests are selected randomly.<br />
Often the tests are selected randomly from an operational profile.<br />
EXAMPLE 10.11<br />
For the triangle problem, we could use a random number generator and group<br />
each successive set of three numbers as a test set. We would have the additional<br />
work of determining the expected output. One problem with this is that the chance<br />
of ever generating an equilateral test case would be verysmall. If it actually<br />
happened, we would probablystart questioning our pseudorandom number<br />
generator.
156<br />
10.5.1 OPERATIONAL PROFILE<br />
CHAPTER 10 Software Testing<br />
Testing in the development environment is often very different than execution in<br />
the operational environment. One way to make these two more similar is to have a<br />
specification of the types and the probabilities that those types will be encountered<br />
in the normal operations. This specification is called an operational profile. By<br />
drawing the test cases from the operational profile, the tester will have more<br />
confidence that the behavior of the program during testing is more predictive of<br />
how it will behave during operation.<br />
EXAMPLE 10.12<br />
A possible operational profile for the triangle problem is as follows:<br />
# Description Probability<br />
1 equilateral .20<br />
2 isosceles – obtuse .10<br />
3 isosceles – right .20<br />
4 scalene – right triangle .10<br />
5 scalene – all acute .25<br />
6 scalene – obtuse angle .15<br />
To applyrandom testing, the tester might generate a number to select the<br />
categorybyprobabilities and then sufficient additional numbers to create the test<br />
case. If the categoryselected was the equilateral case, the tester would use the<br />
same number for all three inputs. An isosceles–right would require a random<br />
number for the length of the two sides, and then the use of trigonometryto<br />
calculate the other side.<br />
10.5.2 STATISTICAL INFERENCE FROM TESTING<br />
If random testing has been done by randomly selecting test cases from an operational<br />
profile, then the behavior of the software during testing should be the same<br />
as its behavior in the operational environment.
CHAPTER 10 Software Testing 157<br />
EXAMPLE 10.13<br />
If we selected 1000 test cases randomlyusing an operational profile and found<br />
three errors, we could predict that this software would have an error rate of less<br />
than three failures per 1000 executions in the operational environment. See<br />
Section 3.8 for more information on using error rates.<br />
10.6 Boundary Testing<br />
Often errors happen at boundaries between domains. In source code, decision<br />
statements determine the boundaries. If a decision statement is written as x
158<br />
Review Questions<br />
1. What are the basic concerns with software testing?<br />
2. Why is a specification needed in order to do testing?<br />
3. Why is path testing usually impractical?<br />
4. Does path testing subsume statement coverage?<br />
5. Software testers have sometimes said ‘‘errors happen in corners.’’ What could this<br />
mean?<br />
6. Every-statement coverage is not a subdomain testing criterion. What is the significance<br />
of this?<br />
7. How would the operational profile be different for a point-of-sale terminal in a discount<br />
store from a point-of-sale terminal in a ritzy store?<br />
8. Asoftware developer may unconsciously not test his or her software thoroughly. Why<br />
would a testing coverage criterion help?<br />
Problems<br />
TEAMFLY<br />
CHAPTER 10 Software Testing<br />
1. If a program has two integer inputs and each can be 32-bit integer, how many possible<br />
inputs does this program have?<br />
2. If a program has 2 64 possible inputs and one test can be run every millisecond, how<br />
long would it take to execute all of the possible inputs?<br />
3. Apayroll program will calculate the weekly gross pay given an input of the number of<br />
hours worked and current wages. Aworker may not work more than 80 hours per<br />
week, and the maximum wage is $50.00 per hour. Construct functional tests.<br />
4. Aprogram calculates the area of a triangle. The inputs are three sets of x,y coordinates.<br />
Construct functional tests.<br />
5. Aprogram accepts two times (in 12-hour format) and outputs the elapsed number of<br />
minutes. Construct functional tests.<br />
6. Abinary search routine searches a list of names in alphabetical order and returns true<br />
if the name is in the list and returns false otherwise. Construct functional tests.<br />
7. For the payroll program in Problem 10.3, identify the conditions and construct the test<br />
matrix.<br />
8. For the area of the triangle calculation of Problem 10.4, identify the conditions and<br />
construct the test matrix.<br />
9. For the elapsed time calculator of Problem 10.5, identify the conditions and construct<br />
the test matrix.
CHAPTER 10 Software Testing 159<br />
10. For the binary search routine of Problem 10.6, identify the conditions and construct<br />
the test matrix.<br />
11. Find the minimal set of test cases that would achieve C0 and C1 coverage of the<br />
triangle problem pseudocode from Example 10.3.<br />
12. The following pseudocode implements the elapsed time problem of Problem 10.5 if the<br />
elapsed time is less than 24 hours. Select test cases until every-statement coverage is<br />
achieved. Select additional test cases to achieve every-branch coverage.<br />
read hr1 min1 AmOrPm1<br />
read hr2 min2 AmOrPm2<br />
if (hr1 == 12)<br />
hr1 = 0<br />
if (hr2 == 12)<br />
hr2 = 0<br />
if (AmOrPm1 == pm)<br />
hr1 = hr1 + 12<br />
if (AmOrPm2 == pm)<br />
hr2 = hr2 + 12<br />
if ( min2 < min1)<br />
min2 = min2 + 1<br />
hr2 = hr2 – 1<br />
if( hr2 < hr1)<br />
hr2 = hr2 + 24<br />
elapsed = min2 – min1 + 60* (hr2 – hr1)<br />
print elapsed<br />
13. For the pseudocode of Problem 10.12, find a minimal set of test cases that will achieve<br />
C0 and a minimal set of test cases that will achieve C1.<br />
14. For the following code, identify all feasible paths, path tests, and data flow tests:<br />
cin >> a >> b >> c; // node A<br />
x=5;y=7;<br />
if(a>b&&b>c){<br />
a=a+1;//node B<br />
x=x+6;<br />
if(a=10||b>20){<br />
b=b+1;//node C<br />
x=y+4;<br />
}<br />
if (a < 10 || c = 20) { // node D<br />
b=b+2;//node E<br />
y=4<br />
}<br />
a=a+b+1;//node F<br />
y=x+y;<br />
}<br />
if (a > 5 || c < 10) { // node G<br />
b=c+5;//node H<br />
x=x+1;<br />
}<br />
cout >> x >> y; // node I
160<br />
15. Given the following code, draw the CFG and generate a minimal set of test cases for<br />
each of the following criteria: C0, C1, dpu, and dcu.<br />
cin>> a >> b // node A<br />
if (b>a) {<br />
x = b; // node B<br />
if (b>20) {<br />
x=x+9;//node C<br />
}<br />
else {<br />
x=x+1;//node D<br />
}<br />
x=x+1;//node E<br />
}<br />
else {<br />
x=a//node F<br />
if (a > 20_ {<br />
x=x+15;//node G<br />
}<br />
x=x–5;//node H<br />
}<br />
if (b > a + 20) // node I<br />
{<br />
x = 20; // node J<br />
}<br />
cout
CHAPTER 10 Software Testing 161<br />
4. Does path testing subsume statement coverage?<br />
Yes, every statement is on some path. So covering every path will cover every statement.<br />
5. Software testers have sometimes said ‘‘errors happen in corners.’’ What could this<br />
mean?<br />
Errors tend to be more prevalent on boundaries. That is, faults in the source code often<br />
affect some decision and thus produce an error on the boundary.<br />
6. Every statement coverage is not a subdomain testing criterion. What is the significance<br />
of this?<br />
When using a subdomain testing criterion, it is easy to improve the coverage by<br />
picking multiple test cases from every subdomain. This is also easy to analyze. This<br />
is not the case with every-statement coverage.<br />
7. How would the operational profile be different for a point-of-sale terminal in a discount<br />
store from a point-of-sale terminal in an expensive store?<br />
In the discount store, there will be more items marked with prices less than $10. In an<br />
expensive store, there will be more large prices. The prices may also be rounded up to<br />
the next amount.<br />
8. Asoftware developer may unconsciously not test his or her software thoroughly. Why<br />
would testing a coverage criterion help?<br />
Atesting coverage criterion helps to force the tester to test many different parts of the<br />
software.<br />
Answers to Problems<br />
1. If a program has two integer inputs and each can be 32-bit integer, how many possible<br />
inputs does this program have?<br />
Each 32-bit integer has 2 32 possible values. Thus, a program with two integer inputs<br />
would have 2 64 possible inputs.<br />
2. If a program has 2 64 possible inputs and one test can be run every millisecond, how<br />
long would it take to execute all of the possible inputs?<br />
That would be 10 6 tests per second, or 8.64 10 10 tests per day. That is equivalent to<br />
3.139 10 13 tests per year. Since 2 10 ¼ 1024 is about equal to 1000 ¼ 10 3 ,2 64 ¼ð2 10 Þ 6:4<br />
and is about equal to ð10 3 Þ 6:4 ¼ 10 19:2 . Dividing 10 19:2 by 10 13 give a value more than<br />
10 5 . Thus it would take at least 10 5 years to do all those tests.
162<br />
3. Apayroll program will calculate the weekly gross pay given an input of the<br />
number of hours worked and current wages. Aworker may not work more than<br />
80 hours per week, and the maximum wage is $50.00 per hour. Construct functional<br />
tests.<br />
Functional tests should include tests of normal pay and overtime and tests of the error<br />
conditions.<br />
Hours Wages Expected Output<br />
30 40.00 1200.00<br />
60 50.00 3500.00 (assume overtime)<br />
81 50.00 Invalid hours<br />
20 60.00 Invalid wages<br />
4. Aprogram calculates the area of a triangle. The inputs are three sets of x,y coordinates.<br />
Construct functional tests.<br />
The functional tests should include correct triangles, non-triangles, error conditions,<br />
and the obvious orientation of the triangles.<br />
Point 1 Point 2 Point 3 Expected Area<br />
1,1 1,5 5,1 8<br />
1,1 1,5 1,10 Not a triangle<br />
10,10 0,10 10,0 50<br />
0,0 0,10 10,10 50<br />
0,0 0,0 0,0 0<br />
CHAPTER 10 Software Testing<br />
5. Aprogram accepts two times (in 12-hour format) and outputs the elapsed number of<br />
minutes. Construct functional tests.<br />
The functional tests should include tests of less than 1 hour, more than 1 hour, one<br />
more than 12 hours, one that requires a carry of hours, and one with the times<br />
reversed.
CHAPTER 10 Software Testing 163<br />
Start Time Stop Time Expected Elapsed Time<br />
10:00 a.m. 10:40 a.m. 0:40<br />
9:57 p.m. 11:40 p.m. 1:43<br />
3:00 a.m. 9:15 p.m. 18:15<br />
1:50 a.m. 3:40 a.m. 1:50<br />
3:00 a.m. 7:24 a.m. 4:24<br />
5:00 p.m. 4:00 a.m. Error<br />
6. Abinary search routine searches a list of names in alphabetical order and returns true<br />
if the name is in the list and returns false otherwise. Construct functional tests.<br />
The functional tests should include tests of the following:<br />
The first name in the list<br />
The last name in the list<br />
Aname before the first name<br />
Aname after the last name<br />
Aname in the middle<br />
Aname not in the list right after the first name<br />
Aname not in the list right before the last name<br />
7. For the payroll program in Problem 10.3, identify the conditions and construct the test<br />
matrix.<br />
Condition<br />
0
164<br />
8. For the area of the triangle calculation of Problem 10.4, identify the conditions and<br />
construct the test matrix.<br />
Conditions<br />
Collinear pts F T<br />
Point 1 10,0 0,0<br />
Point 2 10,10 0,5<br />
Point 2 0,10 0,10<br />
Expected area 50 Error<br />
9. For the elapsed time calculator of Problem 10.5, identify the conditions and construct<br />
the test matrix.<br />
There are no conditions specified on the time. The only conditions could be that the<br />
times are valid times.<br />
10. For the binary search routine of Problem 10.6, identify the conditions and construct<br />
the test matrix.<br />
There are no conditions specified on the search.<br />
11. Find the minimal set of test cases that would achieve C0 and C1 coverage of the<br />
triangle problem pseudocode from Example 10.3.<br />
C0 can be achieved with one test case of three equal values less than or equal to zero,<br />
e.g., 0,0,0.<br />
C1 can be achieved with two test cases: 0,0,0 and a scalene, e.g., 3,4,5.<br />
12. The following pseudocode implements the elapsed time problem of Problem 10.5 if the<br />
elapsed time is less than 24 hours. Select test cases until every-statement coverage is<br />
achieved. Select additional test cases to achieve every-branch coverage<br />
read hr1 min1 AmOrPm1<br />
read hr2 min2 AmOrPm2<br />
if (hr1 == 12)<br />
hr1 = 0<br />
if (hr2 == 12)<br />
hr2 = 0<br />
if (AmOrPm1 == pm)<br />
hr1 = hr1 + 12<br />
if (AmOrPm2 == pm)<br />
hr2 = hr2 + 12<br />
CHAPTER 10 Software Testing
CHAPTER 10 Software Testing 165<br />
if ( min2 < min1)<br />
min2 = min2 + 1<br />
hr2 = hr2 – 1<br />
if( hr2 < hr1)<br />
hr2 = hr2 + 24<br />
elapsed = min2 – min1 + 60* (hr2 – hr1)<br />
print elapsed<br />
C0—Start Time Stop Time Expected Elapsed Time<br />
12:00 p.m. 12:40 p.m. 0:40<br />
9:57 p.m. 11:40 p.m. 1:43<br />
5:00 p.m. 4:00 a.m. 12:00<br />
C1—Start Time Stop Time Expected Elapsed Time<br />
Tests above plus the following:<br />
8:00 a.m. 12:40 p.m. 4:40<br />
13. For the pseudocode of Problem 10.12, find a minimal set of test cases that will achieve<br />
C0 and a minimal set of test cases that will achieve C1.<br />
The minimal test set for C0 will need at least two test cases. Hour 1 has to be 12 on one<br />
test, hour 2 has to be 12 on one test, hour 1 has to be p.m. on one test, hour 2 has to be<br />
p.m. on one test, minute 2 has to be less than minute 1 on one test and hour 2 has to be<br />
less than hour 1 on one test. This can be done on two test cases.<br />
Min C0—Start Time Stop Time Expected Elapsed Time<br />
12:00 p.m. 10:40 a.m. 22:40<br />
9:57 a.m. 12:40 p.m. 2:43<br />
This also achieves C1 coverage because each of those conditions is also false on one of<br />
these tests.
166<br />
14. The following are the feasible paths, path tests, and data flow tests.<br />
Paths Truth a,b,c<br />
AGI FxxF 4,8,12<br />
AGHI FxxT 4,8,8<br />
ABDFGI TFFF Infeasible<br />
ABDFGHI TFFT 12,8,6<br />
ABCDGI TTFF Infeasible<br />
ABCDGHI TTFT 24,22,8<br />
ABCDEFGI TTTF Infeasible<br />
ABCDEFGHI TTTT 24,22,20<br />
ABDEFGI TFTF Infeasible<br />
ABDEFGHI TFTT 6,4,2<br />
Node def c-use p-use<br />
A a,b,c,x,y<br />
ab,ag a,b,c<br />
B a,x a,x<br />
bc,bd a,b<br />
C b,x b,y<br />
D<br />
de,df a,c<br />
Eb,y b<br />
F a,y a,b,x,y<br />
CHAPTER 10 Software Testing
CHAPTER 10 Software Testing 167<br />
See Fig. 10-4.<br />
G<br />
gh,gi a,c<br />
H b,x c,x<br />
I x,y<br />
15. The following are the paths, CFG, and minimal test cases for each of the following<br />
criteria: C0, C1, dpu, and dcu.<br />
Paths (feasible are numbered)<br />
1. abceik TTF<br />
2. abceijk TTT<br />
3. abdeik TFF<br />
4 .abdeijk TTT<br />
5. afhik FTF<br />
afhijk infeasible<br />
6. afghik FFF<br />
afghijk infeasible<br />
p-use a,b,c<br />
A<br />
p-use a,b<br />
c-use c c-use d<br />
F D<br />
C<br />
def b def b<br />
G<br />
def a,b,c<br />
p-use a,b,c<br />
B<br />
E<br />
c-use a,c<br />
Fig. 10-4<br />
c-use a def a<br />
p-use a,b<br />
c-use a,b def a<br />
c-use b def a
168<br />
Minimal tests:<br />
C0: inputs output<br />
2. abceijk 10,30 20<br />
3. abdeik 10,20 22<br />
6. afghik 20,15 30<br />
(must include 6, but could be 1 and 4)<br />
C1: inputs output<br />
C0 tests plus<br />
6. afghik 20,15 30<br />
(must include 6, but could be paths 1 and 4)<br />
dpu: The only p-uses are for variable a and b. The only defs for a and b are in node<br />
A. The minimal test set is equivalent to C1. It must include partial paths AB,<br />
AF, BC, BD, FH, FG, IJ, and IK. This can be done with paths 1,4,5,6 or<br />
paths 2,3,5,6<br />
dcu: The defs of variable x are in nodes B,C,D,E,F,G,H, and J. The c-use for<br />
variable x are in nodes C,D,E,G,H, and K. The defs of variables a and b<br />
are in node Aand the c-use of variable b is in node B and the c-use of variable<br />
a is in node F. The minimal test set must include partial paths BC or BD, CE,<br />
DE, FG or F..K, GH, H..J or H..K, JK, AB, and AF. This can be done with<br />
any C1 test set.<br />
See Fig. 10-5.<br />
TEAMFLY<br />
G<br />
F<br />
H<br />
J<br />
CHAPTER 10 Software Testing<br />
A<br />
I<br />
C<br />
K<br />
Fig. 10-5<br />
B<br />
E<br />
D
Object-Oriented<br />
Development<br />
11.1 Introduction<br />
Object-oriented software is different than conventional software. There are potentially<br />
many benefits to object-oriented development. Among these benefits are<br />
simplification of requirements, design, and implementation. These benefits are<br />
achieved by modeling the problem domain with objects that represent the important<br />
entities, by encapsulating the functions with the data, by reusing objects<br />
within a project and between projects, and by having a solution that is much<br />
closer intellectually 1 to the problem.<br />
The Unified Modeling Language (UML) is the standard notation for objectoriented<br />
models. The specification of the UML is available on the Web. 2<br />
11.1.1 INHERITANCE<br />
One of the innovative ideas in object-oriented software is inheritance. Inheritance<br />
comes from the recognition of the hierarchy of ideas and concepts, and how this<br />
hierarchy/classification involves much inherent reuse of ideas and so on from the<br />
higher-level concepts to the lower-level specialization of those concepts.<br />
When two groups of entities are related by one being a specialization of the<br />
other, there is the potential for an inheritance relationship. In an inheritance<br />
1 Intellectual distance is a term used to describe how close two ideas are to each other—in this case, how close the<br />
structure of the real-world problem is to the structure of the solution.<br />
2 www.omg.org, or search with the keyword ‘‘UML.’’<br />
Copyright 2002 The McGraw-Hill Companies, Inc. Click Here for Terms of Use.<br />
169
170<br />
CHAPTER 11 Object-Oriented Development<br />
relationship, the base class (the more general class) will contain all common attributes.<br />
The derived class (the more specialized class) will inherit all the common<br />
attributes from the base class.<br />
For example, if one group of entities consists of vehicles and the other group of<br />
cars, we can use inheritance. The cars can inherit from the vehicles. The cars can<br />
share many of the attributes and operations of the vehicle class. All the common<br />
attributes can be located in the base class. The derived class will automatically<br />
inherit those attributes. This sharing saves effort.<br />
EXAMPLE 11.1<br />
Draw an object model that identifies all the commonalities between cars and<br />
vehicles.<br />
Fig. 11-1 shows that cars and vehicles both have bodies, engines, wheels<br />
(maybe not four), headlights, brand names, manufacturer, and cost. (There are<br />
probablymanymore.)<br />
vehicles<br />
name<br />
manufacturer<br />
cost<br />
body<br />
engine<br />
wheels<br />
headlights<br />
cars<br />
Fig. 11-1<br />
EXAMPLE 11.2<br />
Draw an object model that identifies the commonalities in a librarysystem that<br />
handles books, magazines, pamphlets, movie videotapes, music CDs, audio book<br />
tapes, and newspapers.<br />
Figure 11-2 shows that all of these items have titles, publishers, acquisition<br />
dates, catalog numbers, shelf location, loan status, and checkout limits.<br />
Some example attributes have been added to some of the derived classes.<br />
Note that audiobook could be derived from book, and newspaper and<br />
magazine could both be derived from an object called serial or<br />
periodical.
CHAPTER 11 Object-Oriented Development 171<br />
book<br />
author<br />
library item<br />
title<br />
publisher<br />
acquisition date<br />
catalog number<br />
shelf location<br />
loan status<br />
checkout limits<br />
magazine<br />
date<br />
pamphlet video<br />
11.1.2 POLYMORPHISM<br />
Fig. 11-2<br />
cd<br />
artist<br />
Polymorphism means ‘‘able to assume many forms.’’ It refers to functions that can<br />
deal with different versions or forms of the object or parameter list. In objectoriented<br />
software, it often means a function that can deal with the base type or a<br />
derived type. In the car/vehicle example, the base class will have polymorphic<br />
functions for tasks that all vehicles perform but may perform differently, such<br />
as turn corners. Each derived class will either use the base class function or provide<br />
a version that is suitable for the derived class.<br />
EXAMPLE 11.3<br />
Find the functions in the libraryproblem (Example 11.2) that can be common for all<br />
of the items and the functions that will have to be specialized for the derived class.<br />
Common—Checkout and check in functions (except maybe for checkout limitations).<br />
Specialized—Cataloging functions will differ.<br />
11.2 Identifying Objects<br />
One approach to identifying the requirements of a proposed system is to start with<br />
identifying the objects in the problem domain. These objects are usually nouns in<br />
the problem statement.<br />
11.2.1 THE NOUN-IN-TEXT APPROACH<br />
audiobook<br />
author<br />
newspaper<br />
date<br />
In the noun-in-text approach, all the nouns in the text are identified. Different<br />
nouns may be used for the same concept. These equivalent nouns and nouns<br />
associated with each concept should be sorted into groups. Some nouns will be<br />
related to the environment outside of the proposed system and may be removed.
172<br />
In each group, nouns representing the objects should be selected. Other nouns in<br />
the group may become attributes or may be discarded.<br />
EXAMPLE 11.4<br />
Use the noun-in-text-description method to identifythe objects from the following<br />
grocerystore problem:<br />
A grocerystore wants to automate its inventory. It has point-ofsale<br />
terminals that can record all of the items and quantities that<br />
a customer purchases. It has a similar terminal for the customer<br />
service desk to handle returns. It has another terminal in the<br />
loading dock to handle arriving shipments from suppliers. The<br />
meat department and the produce departments have terminals to<br />
enter losses/discounts due to spoilage.<br />
Nouns:<br />
grocerystore, inventory, point-of-sale terminals, items, quantities, customer,<br />
purchases, service desk, returns, loading dock, shipments, suppliers, meat<br />
department, produce department, losses, discounts<br />
Groups:<br />
grocerystore<br />
inventory, items, quantities, returns, losses, discounts<br />
shipments<br />
suppliers<br />
meat department, produce department<br />
customers<br />
Environment entities that are external to system:<br />
point-of-sale terminals, service desk, loading dock, meat department, produce<br />
department<br />
However, meat items and produce items should be included to reflect the<br />
different processing.<br />
There is a choice of whether customers are external to the system or the system<br />
knows and tracks customers. The decision is made to track customers.<br />
Final list of objects and attributes:<br />
grocery store<br />
inventory<br />
items with an attribute of quantity<br />
customer<br />
purchases<br />
returns<br />
shipments<br />
suppliers<br />
losses<br />
discounts<br />
meat items<br />
produce items<br />
See Fig. 11-3.<br />
CHAPTER 11 Object-Oriented Development
CHAPTER 11 Object-Oriented Development 173<br />
suppliers<br />
shipment<br />
grocery<br />
store<br />
name<br />
address<br />
inventory<br />
item<br />
quantity<br />
losses discount<br />
produce meat<br />
Fig. 11-3<br />
EXAMPLE 11.5<br />
Use the noun-in-text-description method to identifythe objects from the following<br />
familytree problem:<br />
Fred is studying genealogy and wants to build a program to store<br />
the information that he finds out about his family. He comes from<br />
a large familyand has lots of uncles, aunts, and cousins.<br />
It is not easyto applythe noun-in-text method to this example. The first sentence<br />
is motivation and onlythe noun ‘‘family’’ is relevant. The second sentence repeats<br />
the noun ‘‘family’’ and then lists nouns that are relationships between people. Unlike<br />
the previous example, these relations are not derived classes. An uncle is not a<br />
specialization of person; it is a relationship between persons.<br />
Familiaritywith the problem domain will be necessaryto identifythe objects. The<br />
good set of objects for this problem is familytree, person, and family. See Fig. 11-4.<br />
family tree<br />
family person<br />
Fig. 11-4<br />
11.2.2 IDENTIFYING INHERITANCE<br />
customer<br />
return purchase<br />
Inheritance is the ‘‘a-kind-of’’ relationship. The base class is the common object<br />
and the derived classes are the specialized instances of the common object. Atopdown<br />
approach is to identify objects that sometimes take special processing or
174<br />
CHAPTER 11 Object-Oriented Development<br />
sometimes have special attributes. This is usually an effective approach to finding<br />
inheritance.<br />
The opposite approach is also sometimes useful. It is a bottom-up approach,<br />
which is to group all similar items and look for the commonality. The intersection<br />
of all the similar items will become the base class.<br />
EXAMPLE 11.6<br />
Identifythe possible inheritance in the grocerystore (Example 11.4).<br />
A top-down approach would help to realize that the meat department and the<br />
produce department have special processing of the items. This would lead to a<br />
base class of items and derived classes of meat and produce. An expert in the<br />
domain of grocerystores could help to identifyall the other derived classes that<br />
can occur in a grocerystore.<br />
Additionally, a bottom-up approach would find the commonality among the<br />
objects losses, discount, return, and purchase. This suggests that those<br />
objects can be derived from an object transaction. See Fig. 11-5.<br />
suppliers<br />
shipment<br />
item<br />
quantity<br />
produce meat<br />
grocery<br />
store<br />
name<br />
address<br />
inventory<br />
11.2.3 IDENTIFYING REUSE<br />
transaction<br />
customer<br />
losses discount return purchase<br />
Fig. 11-5<br />
Reuse is one of the promises of object-oriented software. However, reuse rarely<br />
happens by itself. The first step in identifying reuse is a task called domain analysis.<br />
Domain analysis is the process of reviewing the problem domain to determining<br />
what objects and functions are common to all activities. Without good domain<br />
knowledge, it will be hard to identify what commonalities exist between all similar<br />
systems in that domain. For reuse to be effective, the parts that will be useful in<br />
multiple solutions in that domain must be identified. This means understanding<br />
the potential commonalities.<br />
Approaches to reuse can be top-down or bottom-up. Bottom-up approaches<br />
look for low- or middle-level classes that will be common in most solutions in that
CHAPTER 11 Object-Oriented Development 175<br />
domain. Top-down approaches see the commonality in the framework of the<br />
solution and the differences in the low-level objects.<br />
Unless reuse is a goal and identifying potential reuse and designing classes to be<br />
reusable is a top priority, reuse will be elusive.<br />
EXAMPLE 11.7<br />
Identifyreuse in the grocerystore domain (Examples 11.4 and 11.6).<br />
In the domain of grocerystores, it would seem that the commonalitywas in the<br />
low-level objects. Most grocerystores handle the same sort of items. Some<br />
middle-level activities would have a lot of commonality, for example, inventory<br />
systems, stocking, and tracking sales.<br />
11.2.4 USE CASE APPROACH<br />
Another approach to identifying the requirements of a proposed system is to start<br />
with identifying the scenarios. This approach views the activities as the best way to<br />
determine the necessary functionality and the objects needed to support that<br />
functionality.<br />
EXAMPLE 11.8<br />
Write scenarios for the grocerystore problem (Example 11.7). Develop a list of<br />
objects from the scenarios.<br />
Most of the scenarios will be based on general domain knowledge and are not<br />
derivable just from the short problem statement.<br />
Scenario 1: The inventoryis running low; the supplier is sent an order; the order<br />
arrives at the shipping dock; the items and quantities are entered into the<br />
inventory.<br />
Scenario 2: The customer buys groceries and checks out; the customer database<br />
is updated (the decision again is made to have the system track customers).<br />
Scenario 3: A new customer enters the store and is asked to fill out a new<br />
customer information form and receives the membership card.<br />
Scenario 4: The produce clerk inspects the produce and throws awaythe old<br />
lettuce; the inventoryis updated.<br />
From these scenarios, we can easilyidentifythe following objects:<br />
inventory, supplier, order, shipment, items, customer, membership<br />
card, produce item<br />
The inheritance relation between groceryitem (base class) and produce item<br />
(derived class) is clear.<br />
11.3 Identifying Associations<br />
After the objects in a domain are identified, the next step is to identify the associations<br />
between the objects. An association denotes a relationship between two<br />
objects. The different kinds of associations were described in Section 2.4. An<br />
association between objects means that in the implementation of the system,
176<br />
CHAPTER 11 Object-Oriented Development<br />
there will be a link between the objects. Thus, the importance of the associations is<br />
that the associations determine what access an object has to other objects. This<br />
access is essential to efficient implementation of functionality.<br />
There are different approaches for determining the associations between<br />
objects. One approach is to identify the associations that exist in the problem<br />
domain.<br />
EXAMPLE 11.9<br />
Develop associations for the familytree problem of Example 11.5.<br />
The problem statement mentions aunts, uncles, and cousins. These are all<br />
associations (relationships). Theyare not the primitive associations. The basic<br />
associations in genealogyare mother, father, and child. The inverse of<br />
each of these associations is marriage, marriage, and birthfamily,<br />
respectively.<br />
Additionally, there is an association (aggregation) from the top object, familytree,<br />
tomarriage and to person. These can be called marriages and<br />
people, respectively. See Fig. 11-6.<br />
marriages<br />
family tree<br />
people<br />
birthfamily<br />
child<br />
family person<br />
mother marriage<br />
father birthfamily<br />
father<br />
marriges<br />
children marriage<br />
mother<br />
Fig. 11-6<br />
Another approach to identifying associations is to think about the functionality<br />
that is required. If one object is required to have functionality that requires access<br />
to other objects, then an association, or a sequence of associations, must exist<br />
between those objects.<br />
EXAMPLE 11.10<br />
A college wants a system that handles the courses, sections of courses, and<br />
students. Draw an object model and identifythe associations between the<br />
objects.<br />
The college will need to access the students for printing out student information.<br />
To print out courses taken bystudents, there needs to be access from students to<br />
sections. To print out the line schedule that prints the sections that are available,<br />
there needs to be access to courses and then to sections for each course. See<br />
Fig. 11-7.
CHAPTER 11 Object-Oriented Development 177<br />
students<br />
student<br />
taken by<br />
college<br />
Fig. 11-7<br />
11.3.1 EXISTENCE DEPENDENCY<br />
section<br />
courses<br />
course<br />
taking sections<br />
Another approach is to use the existence dependency (Section 2.4.1) relationship<br />
between objects to determine the required associations. Two objects have an<br />
existence dependency relationship if the existence of the child object is dependent<br />
on exactly one instance of the parent object. This means that the parent instance<br />
exists before the child instance is created and the child instance is deleted before<br />
the parent instance is deleted.<br />
EXAMPLE 11.11<br />
Use existence dependencyto structure the associations in the libraryexample,<br />
Example 2.6.<br />
Neither book nor person is existence dependent on library. However, their<br />
participation in the libraryin terms of patron and copy, respectively, does satisfy<br />
the existence dependencyrequirements. See Fig. 11-8.<br />
person<br />
library<br />
book<br />
name<br />
title<br />
address<br />
author<br />
patron<br />
patron #<br />
checked<br />
out<br />
loan<br />
loan status<br />
Fig. 11-8<br />
checked<br />
out<br />
copy<br />
status<br />
book
178<br />
EXAMPLE 11.12<br />
Use existence dependencyto determine the association in the student section<br />
problem of Example 11.10.<br />
The object model developed in Example 11.10 does not satisfythe existence<br />
dependencyrules, since section cannot be existence dependent on student or<br />
vice versa. Thus, an additional object called enrollment must be used. See Fig.<br />
11-9.<br />
11.4 Identifying Multiplicities<br />
CHAPTER 11 Object-Oriented Development<br />
students<br />
student<br />
taken by<br />
college<br />
enrollment<br />
Fig. 11-9<br />
section<br />
taking<br />
sections<br />
courses<br />
course<br />
Multiplicities are restrictions on the associations between instances of objects. The<br />
multiplicity is specified by an expression at the end of the association. The expression<br />
can be a single value, a range of values, or a list of ranges or single values. In<br />
the range, the two values are separated by two periods.<br />
The problem domain often has restrictions on how many relationships an<br />
instance of an object can have with instances of other objects.<br />
TEAMFLY<br />
EXAMPLE 11.13<br />
Use multiplicities to restrict how manytimes a copyof a book can be borrowed at<br />
a given time.<br />
As shown in Fig. 11-10 the 0..1 at the loan end of the association restricts a<br />
copyto be participating in at most one loan relationship at a time. The 1 at the<br />
copyend of the association requires a loan to have exactlyone association with a<br />
copy. That is, there cannot be a loan without exactlyone copyassociated with the<br />
loan.<br />
The check-out association restricts the loan instance to be associated with<br />
exactlyone patron. The patron can have the association with zero or more loan<br />
instances.
CHAPTER 11 Object-Oriented Development 179<br />
patron<br />
patron #<br />
check<br />
out<br />
EXAMPLE 11.14<br />
Determine the multiplicities for the student-section problem from Example 11.12.<br />
All instances have to be related to exactlyone parent instance. All parents have<br />
to be related to 1 to n child instances. For example, a college without courses is<br />
not allowed (bythis model). For example, 0.. , specifies that there can be zero or<br />
more relationships. And, everycourse has to be associated with one college.<br />
See Fig. 11-11.<br />
students<br />
1..n<br />
student<br />
Review Questions<br />
1. Why is a Ford automobile a specialization of a car and an engine is not?<br />
2. What is the difference between an object and an attribute?<br />
3. What are the goals of domain analysis?<br />
1<br />
1 checked<br />
out<br />
1<br />
loan<br />
0..* loan status 0..1<br />
1<br />
Fig. 11-10<br />
college<br />
taken by<br />
1..n 1..n<br />
enrollment<br />
1<br />
sections<br />
1..n<br />
section<br />
1<br />
taking<br />
Fig. 11-11<br />
copy<br />
status<br />
courses<br />
1..n<br />
course<br />
1
180<br />
Problems<br />
CHAPTER 11 Object-Oriented Development<br />
1. Identify the objects from the following B&B problem statement:<br />
Tom and Sue are starting a bed-and-breakfast in a small New England<br />
town. They will have three bedrooms for guests. They want a system to<br />
manage the reservations and to monitor expenses and profits. When a<br />
potential customer calls for a reservation, they will check the calendar,<br />
and if there is a vacancy, they will enter the customer name, address,<br />
phone number, dates, agreed upon price, credit card number, and room<br />
number(s). Reservations must be guaranteed by 1 day’s payment.<br />
Reservations will be held without guarantee for an agreed upon time. If<br />
not guaranteed by that date, the reservation will be dropped.<br />
2. Identify the objects from the following dental office problem statement:<br />
Tom is starting a dental practice in a small town. He will have a dental<br />
assistant, a dental hygienist, and a receptionist. He wants a system to<br />
manage the appointments.<br />
When a patient calls for an appointment, the receptionist will check the<br />
calendar and will try to schedule the patient as early as possible to fill in<br />
vacancies. If the patient is happy with the proposed appointment, the<br />
receptionist will enter the appointment with patient name and purpose of<br />
appointment. The system will verify the patient name and supply necessary<br />
details from the patient records including the patient’s ID number. After<br />
each exam or cleaning, the hygienist or assistant will mark the appointment<br />
as completed, add comments, and then schedule the patient for the next<br />
visit if appropriate.<br />
The system will answer queries by patient name and by date. Supporting<br />
details from the patient’s records are displayed along with the appointment<br />
information. The receptionist can cancel appointments. The receptionist<br />
can print out a notification list for making reminder calls 2 days before<br />
appointments. The system includes the patient’s phone numbers from the<br />
patient records. The receptionist can also print out daily and weekly work<br />
schedules with all the patients.<br />
3. Draw an object model for the B&B problem (Problem 11.1).<br />
4. Draw an object model for the dental office problem (Problem 11.2).<br />
Answers to Review Questions<br />
1. Why is a Ford automobile a specialization of a car and an engine is not?<br />
AFord automobile would have the same attributes and functions that a base class for<br />
cars would have. Thus, a Ford automobile could be derived from that car base class.
CHAPTER 11 Object-Oriented Development 181<br />
However, an engine is a part of a car and not a specialization of a car. There are many<br />
functions and attributes of cars that an engine would not have. Thus, an engine could<br />
not be derived from a car base class.<br />
2. What is the difference between an object and an attribute?<br />
An object is an entity, while an attribute is a characteristic of that object. For example, a<br />
person would be an object and the person’s height would be an attribute. Sometimes the<br />
distinction may be hard. In the person/height example, person may be a base class and<br />
there may be derived classes for tall person, short person, and medium-height person.<br />
3. What is the goal of domain analysis?<br />
The goal of domain analysis is to identify the parts that would be best to reuse in<br />
future systems. The approach is to find commonality among possible systems in the<br />
problem domain.<br />
Answers to Problems<br />
1. Identify the objects from the B&B problem statement.<br />
Objects<br />
bed-and-breakfast<br />
bedroom<br />
reservation<br />
calendar<br />
customer<br />
guarantee<br />
payment<br />
expense<br />
2. Identify the objects from the dental office problem statement.<br />
Objects<br />
dental office<br />
patients<br />
appointments<br />
calendar<br />
patient records<br />
notification list<br />
daily work schedule<br />
weekly work schedule
182<br />
3. Draw an object model for the B&B problem.<br />
See Fig. 11-12.<br />
1..n<br />
4. Draw an object model for the dental problem.<br />
See Fig. 11-13.<br />
CHAPTER 11 Object-Oriented Development<br />
1..n<br />
B&B<br />
calendar bedroom customer transaction<br />
1 1 1<br />
0..n 0..n 0..n<br />
reservation<br />
1 1<br />
1 1<br />
0..n<br />
Fig. 11-12. B&B object model.<br />
0..n<br />
payment expense<br />
1<br />
1<br />
1 1..n<br />
1..n<br />
notification list<br />
1..n<br />
daily<br />
calendar<br />
1<br />
0..n<br />
schedule<br />
1<br />
weekly<br />
dental office<br />
0..n 0..n<br />
appointment<br />
Fig. 11-13. Dentaloffice object model.<br />
patient<br />
1<br />
1<br />
patient records<br />
1
Object-Oriented Metrics<br />
12.1 Introduction<br />
The measurement of object-oriented software has the same goals (see Chapter 5)<br />
as the measurement of conventional software: trying to understand the characteristics<br />
of the software. Object-oriented refers to a programming language and programming<br />
style where the functions are encapsulated with the data. The<br />
encapsulation is accomplished by limiting the accessibility to the data to functions<br />
that ensure the integrity of the data. Additionally, object-oriented software<br />
involves inheritance and dynamic binding. Object-oriented software is suppose<br />
to model the real world and thus be easier to understand, easier to modify (maintain),<br />
and easier to reuse. However, much of the complexity of object-oriented<br />
software is not evident in the static structure of the source code. The area of<br />
object-oriented software measurement is a research area.<br />
The metrics presented in Sections 12.2 and 12.3 are the current view of what is<br />
significant. Chidamber and Kemerer proposed the metrics in Section 12.2. 1<br />
Section 12.3 presents the MOOD metrics. 2 Much further work will be necessary<br />
before there is consensus of which object-oriented metrics are useful.<br />
12.1.1 TRADITIONAL MEASUREMENT<br />
Measures from traditional software measurement could be applied. This might be<br />
useful within large functions. However, software measurement for non-objectoriented<br />
software uses the control flow graph (and variations such as the data<br />
flow graph) as the basic abstraction of the software. The control flow graph does<br />
not appear to be useful as an abstraction of object-oriented software. Little work<br />
1 Shyam Chidamber and Chris Kemerer, ‘‘AMetrics Suite for Object Oriented Design,’’ IEEE TOSE<br />
(Transactions on Software Engineering) 20:6 June 1994, 476–493.<br />
2 Rachel Harrison, Steve Counsell, and Reuben Nithi, ‘‘An Evaluation of the MOOD Set of Object-Oriented<br />
Software Metrics,’’ IEEE TOSE 24:6 June 1998, 491–496.<br />
Copyright 2002 The McGraw-Hill Companies, Inc. Click Here for Terms of Use.<br />
183
184<br />
CHAPTER 12 Object-Oriented Metrics<br />
has been published evaluating the use of McCabe’s cyclomatic number or<br />
Halstead’s software science in object-oriented software development. The intuitive<br />
problem with applying the traditional software metrics is that the complexity of<br />
object-oriented software does not appear to be in the control structure.<br />
12.1.2 OBJECT-ORIENTED ABSTRACTIONS<br />
In most object-oriented software, the methods are small and the number of decisions<br />
in a method is often small. Most of the complexity appears to be in the<br />
calling patterns among the methods. There has been little work in this area, and<br />
there is little agreement on which abstractions are significant. The more common<br />
abstractions in object-oriented software development are the diagrams used in the<br />
Unified Modeling Language (UML).<br />
12.2 Metrics Suite for Object-Oriented Design<br />
The Metric Suite for Object-Oriented Design is intended to be a comprehensive<br />
approach to evaluating the classes in a system. Most of these are calculated on a<br />
per class basis. That is, none of these evaluate the system as a whole. It is not clear<br />
how to extend these metrics to the whole system. Averaging them over the classes<br />
in a system is usually not appropriate.<br />
12.2.1 METRIC 1: WEIGHTED METHODS PER CLASS (WMC)<br />
The weighted methods per class metric is based on the intuition that the number of<br />
methods per class is a significant indication of the complexity of the software.<br />
Further consideration may be necessary to avoid giving full weight to trivial<br />
methods, for example, get and set methods. The WMC includes the provision<br />
for weighting the methods. Let C be a set of classes each with the number of<br />
methods M 1; ..., M n. Let c 1; ..., c n be the complexity (weights) of the classes (the<br />
value that is to be used for c i is not defined in the paper).<br />
WMC ¼ 1<br />
n<br />
X n<br />
i¼0<br />
c i M i<br />
This is the only metric in the suite that is averaged over the classes in a system.<br />
In the examples, we will assume c i is equal to 1.<br />
12.2.2 METRIC 2: DEPTH OF INHERITANCE TREE (DIT)<br />
The depth of inheritance tree metric is just the maximum length from any node to<br />
the root of the inheritance tree for that class. Inheritance can add to complexity of<br />
software. This metric is calculated for each class.
CHAPTER 12 Object-Oriented Metrics 185<br />
12.2.3 METRIC 3: NUMBER OF CHILDREN (NOC)<br />
Not only is the depth of the inheritance tree significant, but the width of the<br />
inheritance tree. The number of children metric is the number of immediate subclasses<br />
subordinated to a class in the inheritance hierarchy. This metric is calculated<br />
for each class.<br />
12.2.4 METRIC 4: COUPLING BETWEEN OBJECT CLASSES<br />
(CBO)<br />
Coupling between modules has always been a concern (see Section 9.5). In objectoriented<br />
software, we can define coupling as the use of methods or attributes in<br />
another class. Two classes will be considered coupled when methods declared in<br />
one class use methods or instance variables defined by the other class. Coupling is<br />
symmetric. If class Ais coupled to class B, then B is coupled to A. The coupling<br />
between object classes (CBO) metric will be the count of the number of other<br />
classes to which it is coupled.<br />
This metric is calculated for each class.<br />
12.2.5METRIC 5: RESPONSE FOR A CLASS (RFC)<br />
The response set of a class, {RS}, is the set of methods that can potentially be<br />
executed in response to a message received by an object of that class. It is the<br />
union of all methods in the class and all methods called by methods in the class. It<br />
is only counted on one level of call.<br />
This metric is calculated for each class.<br />
RFC ¼jRSj<br />
12.2.6 METRIC 6: LACK OF COHESION IN METHODS<br />
(LCOM)<br />
Amodule (or class) is cohesive if everything is closely related. The lack of cohesion<br />
in methods metric tries to measure the lack of cohesiveness.<br />
Let I i be the set of instance variables used by method i.<br />
Let P be set of pairwise null intersections of I i.<br />
Let Q be set of pairwise nonnull intersections.<br />
The LCOM metric can be visualized by considering a bipartite graph. One set<br />
of nodes consists of the attributes, and the other set of nodes consists of the<br />
functions. An attribute is linked to a function if that function accesses or sets<br />
that attribute. The set of arcs is the set Q. If there are n attributes and m functions,<br />
then there are a possible n m arcs. So, the size of P is n m minus the size of Q.<br />
LCOM ¼ maxðjPj jQj; 0Þ
186<br />
This metric is calculated on a class basis.<br />
CHAPTER 12 Object-Oriented Metrics<br />
EXAMPLE 12.1<br />
Calculate the Chidamber suite of metrics on the following example Cþþ program<br />
that provides a link list of rectangles:<br />
class point {<br />
float x;<br />
float y;<br />
public:<br />
point(float newx, float newy) {x=newx; y=newy;}<br />
getx(){return x;}<br />
gety(){return y;}<br />
};<br />
class rectangle {<br />
point pt1, pt2, pt3, pt4;<br />
public:<br />
rectangle(float pt1x, pt1y, pt2x, pt2y, pt3x, pt3y, pt4x, pt4y)<br />
{ pt1 = new point(pt1x, pt1y); pt2 = new point(pt2x, pt2y);<br />
pt3 = new point(pt3x, pt3y); pt4 = new point(pt4x, pt4y);}<br />
float length(point r, point s){return sqrt((r.getx() s.getx())^2+<br />
(r.gety() s.gety())^2); }<br />
float area(){return length(pt1,pt2) length(pt1,pt3);}<br />
};<br />
class linklistnode {<br />
rectangle* node;<br />
linklistnode* next;<br />
public:<br />
linklistnode(rectangle* newRectangle){node=newRectangle; next=0;}<br />
linklistnode* getNext(){return next;}<br />
rectangle* getRectangle(){return node;}<br />
void setnext(linklistnode* newnext){next=newnext;}<br />
};<br />
class rectanglelist {<br />
linklistnode* top;<br />
public:<br />
rectanglelist(){top = 0;}<br />
void addRectangle(float x1, y1, x2, y2, x3, y3, x4, y4) {<br />
linklistnode* tempLinkListNode; rectangle* tempRectangle;<br />
tempRectangle = new rectangle(x1,y1,x2,y2,x3,y3,x4,y4);<br />
tempLinkListNode = new linkListNode(tempRectangle);<br />
tempLinkListNode->setnext(top);<br />
top=tempLinkListNode; }<br />
float totalArea(){float sum; sum=0; linklistnode* temp; temp=top;<br />
while (temp !=0){sum=sum + temp->getRectangle()->area();<br />
temp=temp->getNext();}<br />
return sum;}<br />
};
CHAPTER 12 Object-Oriented Metrics 187<br />
Metric 1: Weighted Methods per Class<br />
Class # Methods<br />
point 3<br />
rectangle 3<br />
linklistnode 4<br />
rectanglelist 3<br />
WMC ¼ 13=4 ¼ 3:25 methods=class<br />
Metric 2: Depth of Inheritance Tree (DIT)<br />
There is no inheritance in this example.<br />
Metric 3: Number of Children (NOC)<br />
There is no inheritance in this example.<br />
Metric 4: Coupling between Object Classes (CBO)<br />
See Fig. 12-1.<br />
rectangle<br />
length<br />
area<br />
rectanglelist<br />
addRectangle<br />
totalArea<br />
point<br />
getx<br />
gety<br />
Fig. 12-1<br />
linkistnode<br />
getNext<br />
getRectangle<br />
setNext<br />
The class diagram is annotated with arrows to show which functions (or<br />
constructors) are called byeach function (onlycalls in other classes are shown).<br />
Class Coupled Classes CBO<br />
point rectangle 1<br />
rectangle point, rectanglelist 2<br />
linklistnode rectanglelist 1<br />
rectanglelist rectangle, linklistnode 2
188<br />
Metric 5: Response for a Class (RFC)<br />
Class Response Set RFC<br />
point point, getx, gety 3<br />
rectangle rectangle, point,<br />
length, getx, gety,<br />
area<br />
linklistnode linkListNode,<br />
getNext,<br />
getRectangle,<br />
setNext<br />
rectanglelist rectangleList,<br />
addRectangle,<br />
rectangle, setNext<br />
totalArea,<br />
getRectangle, area,<br />
getNext<br />
Metric 6: Lack of Cohesion in Methods (LCOM)<br />
See Fig. 12-2.<br />
x<br />
y<br />
pt1<br />
pt2<br />
pt3<br />
pt4<br />
CHAPTER 12 Object-Oriented Metrics<br />
TEAMFLY<br />
getx<br />
gety<br />
point<br />
rect<br />
length<br />
area<br />
node<br />
The lines between length and the points are dashed because it depends on the<br />
parameters as to which ones are actuallyaccessed on a specific call.<br />
next<br />
top<br />
Fig. 12-2<br />
6<br />
4<br />
8<br />
linklistnode<br />
getRectangle<br />
getNext<br />
setNext<br />
rectanglelist<br />
addRectangle<br />
totalArea
CHAPTER 12 Object-Oriented Metrics 189<br />
Class LCOM<br />
point max(0,(6 4Þ 4Þ ¼0<br />
rectangle max(0,(12 9Þ 9Þ ¼0<br />
linklistnode max(0,(8 5Þ 5Þ ¼0<br />
rectanglelist max(0,(3 3Þ 3Þ ¼0<br />
12.3 The MOOD Metrics<br />
The MOOD (see page 183) suite of metrics is also intended as a complete set that<br />
measures the attributes of encapsulation, inheritance, coupling, and polymorphism<br />
of a system.<br />
Let TC be the total number of classes in the system.<br />
Let M d (C i) be the number of methods declared in a class.<br />
Consider the predicate Is_visible(Mm,i,Cj), where Mm,i is the method m in class i<br />
and Cj is the class j. This predicate is 1 if i !¼ j and Cj may call Mm,i. Otherwise,<br />
the predicate is 0. For example, a public method in Cþþ is visible to all other<br />
classes. Aprivate method in Cþþ is not visible to other classes.<br />
The visibility,V(Mm,i), of a method, Mm,i, is defined as follows:<br />
VðM m;iÞ ¼<br />
12.3.1 ENCAPSULATION<br />
X TC<br />
j¼1<br />
Is_visibleðM m;i; C jÞ<br />
TC 1<br />
The method hiding factor (MHF) and the attribute hiding factor (AHF) attempt to<br />
measure the encapsulation.<br />
MHF ¼<br />
AHF ¼<br />
P M<br />
TC PdðC<br />
iÞ<br />
i¼1<br />
m¼1<br />
PTC i¼1<br />
P A<br />
TC PdðC<br />
iÞ<br />
i¼1<br />
m¼1<br />
PTC i¼1<br />
ð1 VðM m;iÞ<br />
M dðC iÞ<br />
ð1 VðA m;iÞ<br />
A dðC iÞ
190<br />
EXAMPLE 12.2<br />
Calculate MHF and AHF for the following C++ code:<br />
Class A{<br />
int a;<br />
public:<br />
void x();<br />
void y();<br />
};<br />
Class B {<br />
int b;<br />
int bb;<br />
void w();<br />
public:<br />
void z():<br />
};<br />
Class C {<br />
int c;<br />
void v();<br />
};<br />
TC = 3<br />
CHAPTER 12 Object-Oriented Metrics<br />
method is_vis(A) is_vis(B) is_vis(C) V(M m,i)<br />
A::x() 0 1 1 1<br />
A::y() 0 1 1 1<br />
B::w() 0 0 0 0<br />
B::z() 1 0 1 1<br />
C::v() 0 0 0 0<br />
MHF = 2/5 = 0.4<br />
attribute is_vis(A) is_vis(B) is_vis(C) V(A m,i)<br />
A::a() 0 0 0 0<br />
B::b() 0 0 0 0<br />
B::bb() 0 0 0 0<br />
C::c() 0 0 0 0<br />
AHF = 4/4 = 1.0
CHAPTER 12 Object-Oriented Metrics 191<br />
12.3.2 INHERITANCE FACTORS<br />
There are two measures of the inheritance, the method inheritance factor (MIF)<br />
and the attribute inheritance factor (AIF).<br />
M dðC iÞ¼Number of methods declared in a class i<br />
M iðC iÞ¼Number of methods inherited (and not overridden) in a class i<br />
M aðC iÞ¼M dðC iÞþM iðC iÞ¼Number of methods that can be invoked in association<br />
with class i<br />
MIF ¼<br />
X TC<br />
i¼1<br />
XTC i¼1<br />
M iðC iÞ<br />
M aðC iÞ<br />
A dðC iÞ¼Number of attributes declared in a class i<br />
A iðC iÞ¼Number of attributes from base classes that are accessible in a class i<br />
A aðC iÞ¼A dðC iÞþA iðC iÞ¼Number of attributes that can be accessed in association<br />
with class i<br />
AIF ¼<br />
X TC<br />
i¼1<br />
XTC i¼1<br />
A iðC iÞ<br />
A aðC iÞ<br />
EXAMPLE 12.3<br />
Calculate MIF and AIF from the following C++ code:<br />
Class A{<br />
protected:<br />
int a;<br />
public:<br />
void x();<br />
virtual void y();<br />
};<br />
Class B public A {<br />
int b;<br />
protected:<br />
int bb;<br />
public:<br />
void z():<br />
void y();<br />
void w();<br />
};<br />
Class C public B {<br />
int c;<br />
void v();<br />
};
192<br />
class Md Mi Ad Ai<br />
A x(),y() none a none<br />
B w(),z(),y() A::x() b,bb A::a<br />
C v() B::w(),z(),y c B::bb<br />
12.3.3 COUPLING FACTOR<br />
CHAPTER 12 Object-Oriented Metrics<br />
A::x()<br />
MIF ¼ 5=11 AIF ¼ 2=6<br />
The coupling factor (CF) measures the coupling between classes excluding coupling<br />
due to inheritance.<br />
Let is_client(c i,c jÞ¼1 if class i has a relation with class j; otherwise, it is zero.<br />
The relation might be that class i calls a method in class j or has a reference to class<br />
j or to an attribute in class j. This relationship cannot be inheritance.<br />
CF ¼<br />
XTC XTC i¼1<br />
j¼1<br />
is_clientðc i; c jÞ<br />
TC 2 TC<br />
EXAMPLE 12.4<br />
Calculate the coupling factor on the object model shown in Fig. 12-3 for the bedand-breakfast<br />
problem (Problem 11.4). Onlyassume a relationship if it is required<br />
bythe associations shown on the diagram.<br />
1<br />
1<br />
B&B<br />
1<br />
1<br />
1..n<br />
1..n<br />
0..n<br />
0..n<br />
calendar bedroom customer<br />
transaction<br />
1<br />
0..n<br />
1<br />
0..n 0..n<br />
reservation<br />
1<br />
Fig. 12-3<br />
payment expense
CHAPTER 12 Object-Oriented Metrics 193<br />
TC ¼ 7<br />
Class is_client classes<br />
B&B calendar, bedroom, customer, transaction<br />
calendar reservation<br />
bedroom reservation<br />
customer reservation<br />
transaction none<br />
payment none<br />
expense none<br />
CF ¼ 7=42<br />
12.3.4 POLYMORPHISM FACTOR<br />
The polymorphism factor (PF) is a measure of the potential for polymorphism.<br />
Let MoðCiÞ be the number of overriding methods in class i.<br />
Let MnðCiÞ be the number of new methods in class i.<br />
Let DCðCiÞ be the number of descendants of class i.<br />
PTC i¼1 PF ¼<br />
MoðCiÞ PTC i¼1½MnðCiÞ DCðCiÞŠ EXAMPLE 12.5<br />
Calculate the polymorphism factor on the Cþþ code from Example 12.3.<br />
Class Mn Mo DC<br />
Ax(),y() none 2<br />
B w(),z() y() 1<br />
C v() none 0<br />
PF ¼ 1=ð2 2 þ 2 1 þ 1 0Þ ¼1=6
194<br />
Review Questions<br />
1. Why are McCabe’s cyclomatic number and Halstead’s software science not readily<br />
applicable to object-oriented software?<br />
2. What abstractions are available in object-oriented design to be used as the basis of<br />
object-oriented metrics?<br />
3. When should a metric for a whole system be different than either the sum or the<br />
average of metrics calculated for each class?<br />
4. Is a high LCOM good or bad?<br />
5. Some people have suggested that, in LCOM, just using the difference between the size<br />
of P and Q. That is, the use of the maximum of zero and this difference is not effective.<br />
What would be the effect of this change?<br />
Problems<br />
1. Calculate the Chidamber metrics for the following code that maintains an array of<br />
people/students:<br />
class person{<br />
char* name;<br />
char* ssn;<br />
public:<br />
person(){name = new char[NAMELENGTH]; ssn = new<br />
char[SSNLENGTH];}<br />
~person(){delete name; delete ssn;}<br />
void addName(char* newname){strcpy(name, newname);}<br />
void addSsn(char* newssn){strcpy(ssn, newssn);}<br />
char* getName(){return name;}<br />
void virtual display(){cout
CHAPTER 12 Object-Oriented Metrics 195<br />
class personlist {<br />
person* list[MAX];<br />
int listIndex;<br />
public:<br />
personlist(){listIndex = 0;}<br />
void addPerson(char* newname, char*<br />
newssn){list[listIndex]=new person;<br />
list[listIndex]->addName(newname); list[listIndex]<br />
->addSsn(newssn);<br />
listIndex++;}<br />
void addStudent(char* newname, char* newssn, float gpa)<br />
{student* temp = new student;<br />
temp->addName(newname); temp->addSsn(newssn);<br />
temp->addGpa(newgpa);list[listIndex++]=temp;}<br />
void display(){int j; for(j=0; jdisplay();}<br />
};<br />
Answers to Review Questions<br />
1. Why are McCabe’s cyclomatic number and Halstead’s software science not readily<br />
applicable to object-oriented software?<br />
These two metrics are based on the size and complexity of an algorithm written as a<br />
single function. Object-oriented functions are usually spread over a number of methods,<br />
often in different classes. Each object-oriented function is often small and relatively<br />
simple. Thus, these two metrics will probably not give a good measure of the<br />
complexity of the object-oriented system.<br />
2. What abstractions are available in object-oriented design to be used as the basis of<br />
object-oriented metrics?<br />
The standard abstractions are the UML diagrams: object models, use case diagrams,<br />
state models, and sequence diagrams. None of these appear to capture the essential<br />
notion of complexity in object-oriented software.<br />
3. When should a metric for a whole system be different than either the sum or the<br />
average of metrics calculated for each class?<br />
If the metric for the individual class is basically a size metric, such as LOC or number<br />
of children, then it would make sense to sum those individual metric values to obtain a<br />
metric value for the whole system or an average size per class. If the individual class<br />
metric was an average, then an average of the averages might be reasonable—for<br />
instance, the average number of parameters per function.
196<br />
However, neither the sum nor the average will be a good metric of the interactions<br />
between classes.<br />
4. Is a high LCOM good or bad?<br />
Bad, since it implies a high lack of cohesion.<br />
5. Some people have suggested that, in LCOM, just using the difference between the size<br />
of P and Q. That is, the use of maximum of zero and this difference is not effective.<br />
What would be the effect of this change?<br />
It would allow discrimination between the more cohesive classes. Now a cohesive class<br />
just maps to zero.<br />
Answers to Problem<br />
1. Calculate the Chidamber metrics for the code from the problem statement that maintains<br />
an array of people/students.<br />
Metric 1: Weighted Methods per Class<br />
Class # Methods<br />
person 6<br />
student 2<br />
personlist 4<br />
Note that the inherited functions were not counted.<br />
WMC ¼ 12=3 ¼ 4 methods=class<br />
Metric 2: Depth of Inheritance Tree (DIT)<br />
CHAPTER 12 Object-Oriented Metrics<br />
Class DIT<br />
person 0<br />
student 1<br />
personlist 0
CHAPTER 12 Object-Oriented Metrics 197<br />
Metric 3: Number of Children (NOC)<br />
Class NOC<br />
person 1<br />
student 0<br />
personlist 0<br />
Metric 4: Coupling between Object Classes (CBO)<br />
See Fig. 12-4.<br />
person<br />
addName<br />
addSsn<br />
getName<br />
display<br />
personlist<br />
addPerson<br />
addStudent<br />
display<br />
Fig. 12-4<br />
The class diagram is annotated with arrows to show which functions (or constructors)<br />
are called by each function (only calls in other classes are shown).<br />
Class Coupled Classes CBO<br />
person student, personlist 2<br />
student person, personlist 2<br />
personlist person, student 2<br />
student<br />
addGpa<br />
display
198<br />
Metric 5: Response for a Class (RFC)<br />
Class Response Set RFC<br />
person person, addName, addSssm getName, display 5<br />
student student, addGpa, person, getName 6<br />
personlist personlist, addPerson, addStudent, addName, addSsn, addGpa, display 7<br />
Metric 6: Lack of Cohesion in Methods (LCOM)<br />
See Fig. 12-5.<br />
name<br />
ssn<br />
CHAPTER 12 Object-Oriented Metrics<br />
addName<br />
addSsn<br />
getName<br />
display<br />
list<br />
listIndex<br />
gpa<br />
TEAMFLY<br />
Fig. 12-5<br />
Class LCOM<br />
person max(0,(8 5Þ 5Þ ¼0<br />
student max(0,(2 2Þ 2Þ ¼0<br />
personlist max(0,(6 6Þ 6Þ ¼0<br />
addGpa<br />
display<br />
addPerson<br />
addStudent<br />
display
Object-Oriented Testing<br />
13.1 Introduction<br />
Testing object-oriented software presents some new challenges. Many conventional<br />
techniques are still appropriate. For example, functional testing of objectoriented<br />
software will be no different from functional testing of conventional<br />
software. Test cases will be developed based on the required functionality as<br />
described in the requirement documentation. However, structural testing of<br />
object-oriented software will be very different. Two structural testing approaches<br />
will be covered: MM testing and function pair testing<br />
Conventional Software<br />
The testing of conventional software is often based on coverage criteria defined on<br />
the structure of the software. The standard approaches (see Chapter 10) include<br />
statement coverage, branch coverage, and data flow coverage. These coverage<br />
criteria are based on the control flow diagram or a modified control flow diagram.<br />
Object-Oriented Software<br />
Object-oriented software adds a new complexity to software testing. The control<br />
flow diagram is no longer a good representation of the structure of the software. It<br />
would be more appropriate to base structural testing on an object model.<br />
However, no effective coverage measures of object models have been found.<br />
The methods in the class should be tested with the techniques already presented.<br />
The same coverage criteria can be applied to object-oriented software. Intuitively,<br />
however, the statement and branch coverage criteria do not seem appropriate for<br />
thoroughly testing the complexities of object-oriented software. The interactions<br />
between methods need to be tested.<br />
One approach to object-oriented testing is to cover all the calls to methods. This<br />
is sometimes called MM testing.<br />
Copyright 2002 The McGraw-Hill Companies, Inc. Click Here for Terms of Use.<br />
199
200<br />
13.2 MM Testing<br />
CHAPTER 13 Object-Oriented Testing<br />
The MM testing (method-message) coverage requires that every method call be<br />
tested. Thus, in every method, every call to another method must be tested at least<br />
once. If a method calls another method multiple times, each calls needs to be<br />
tested only once. This seems to be the most basic coverage criterion. The MM<br />
testing does not subsume every-statement coverage (see Section 10.3.1).<br />
EXAMPLE 13.1<br />
Identifythe MM testing coverage for the linked list of rectangles problem.<br />
class point {<br />
float x;<br />
float y;<br />
public:<br />
point(float newx, float newy) {x=newx; y=newy;}<br />
getx(){return x;}<br />
gety(){return y;}<br />
};<br />
class rectangle {<br />
point pt1, pt2, pt3, pt4;<br />
public:<br />
rectangle(float pt1x, pt1y, pt2x, pt2y, pt3x, pt3y, pt4x, pt4y)<br />
{ pt1 = new point(pt1x, pt1y); pt2 = new point(pt2x, pt2y);<br />
pt3 = new point(pt3x, pt3y); pt4 = new point(pt4x, pt4y);}<br />
float length(point r, point s){return sqrt((r.getx()-s.getx())^2+<br />
(r.gety()-s.gety())^2); }<br />
float area(){return length(pt1,pt2) * length(pt1,pt3);}<br />
};<br />
class linklistnode {<br />
rectangle* node;<br />
linklistnode* next;<br />
public:<br />
linklistnode(rectangle* newRectangle){node=newRectangle; next=0;}<br />
linklistnode* getNext(){return next;}<br />
rectangle* getRectangle(){return node;}<br />
void setnext(linklistnode* newnext){next=newnext;}<br />
};<br />
class rectanglelist {<br />
linklistnode* top;<br />
public:<br />
rectanglelist(){top = 0;}<br />
void addRectangle(float x1, y1, x2, y2, x3, y3, x4, y4) {<br />
linklistnode* tempLinkListNode; rectangle* tempRectangle;<br />
tempRectangle = new rectangle(x1,y1,x2,y2,x3,y3,x4,y4);<br />
tempLinkListNode = new linkListNode(tempRectangle);<br />
tempLinkListNode->setnext(top);<br />
top=tempLinkListNode; }<br />
float totalArea(){float sum; sum=0; linklistnode* temp; temp=top;<br />
while (temp !=0){sum=sum + temp->getRectangle()->area();<br />
temp=temp->getNext();}<br />
return sum;}<br />
};
CHAPTER 13 Object-Oriented Testing 201<br />
The calling structure is shown in the following. For each class, the functions of<br />
that class are listed and then for each function that calls other functions, those<br />
called functions are listed. For MM testing, everyone of those calls must be<br />
executed. For example, four calls to point will be made. No decisions are shown;<br />
however, in this program, there are no decisions that affect the calling sequence.<br />
class point<br />
point()<br />
getx()<br />
gety()<br />
class rectangle<br />
rectangle()<br />
point::point()<br />
point::point()<br />
point::point()<br />
point::point()<br />
length()<br />
point::getx()<br />
point::getx()<br />
point::gety()<br />
point::gety()<br />
area()<br />
length()<br />
length()<br />
class linklistnode<br />
linklistnode()<br />
getNext()<br />
getRectangle()<br />
setnext()<br />
class rectanglelist<br />
rectanglelist()<br />
addRectangle()<br />
rectangle::rectangle()<br />
linklistnode::linklistnode()<br />
linklistnode::setnext()<br />
totalArea()<br />
linklistnode::getRectangle()<br />
rectangle::area()<br />
linklistnode::getNext()<br />
MM testing: Anytest case that builds at least one rectangle and then gets the total<br />
area will execute all of these calls.<br />
13.3 Function Pair Coverage<br />
Function pair coverage requires that for all possible sequences of method executions,<br />
those of length two must be tested. This is usually done based on a state<br />
machine diagram or on a regular expression showing the possible method<br />
executions.
202<br />
Since a regular expression can be mapped to a finite state machine, these two<br />
approaches are equivalent. Although the finite state machine used to describe the<br />
behavior of a software system may not be minimal, having additional states will<br />
increase the effectiveness of the test set.<br />
EXAMPLE 13.2<br />
Identifythe function pair testing coverage for the linked list of rectangles program<br />
of Example 13.1. Consider the calling structure of the functions.<br />
class point<br />
point()<br />
getx()<br />
gety()<br />
class rectangle<br />
rectangle()<br />
point()point()point()point()<br />
length()<br />
getx()getx()gety()gety()<br />
area()<br />
length()length()<br />
class linklistnode<br />
linklistnode()<br />
getNext()<br />
getRectangle()<br />
setnext()<br />
class rectanglelist<br />
rectanglelist()<br />
addRectangle()<br />
rectangle()linklistnode()setnext()<br />
totalArea()<br />
(getRectangle()area()getNext())*<br />
CHAPTER 13 Object-Oriented Testing<br />
Most of the regular expressions for the individual functions have a fixed list of<br />
method calls. Onlythe totalArea function is zero-or-more repetition from the<br />
while loop.<br />
Putting all of these together into one regular expression and considering that the<br />
rectanglelist has to be created first and then addRectangle or totalArea<br />
could be done gives the following regular expression:<br />
rectanglelist ((addRectangle rectangle point point point point<br />
linklistnode setnext) | (totalArea (getRectangle area length getx getx<br />
gety gety length getx getx gety gety getNext)*)<br />
The function pair testing can be achieved bythe following test sets:<br />
1. Creating one rectangle, and then calculating the area<br />
2. Creating two or more rectangles, and then calculating the area<br />
3. Not creating anyrectangles, and then calculating the area<br />
4. Creating rectangles after calculating the area
CHAPTER 13 Object-Oriented Testing 203<br />
EXAMPLE 13.3<br />
Identifythe function pair testing coverage for the finite stack example shown in the<br />
state machine in Fig. 13-1. The error transitions are shown as arcs without<br />
destination states.<br />
New<br />
Push<br />
Empty NormalFu l<br />
Pop<br />
Pop<br />
Pop<br />
Push<br />
Push pop<br />
Fig. 13-1<br />
This example would require the following pairs in the tests:<br />
1. new pop(on empty– error)<br />
2. new push<br />
3. push (from empty) push<br />
4. push (from empty) pop<br />
5. push (from normal to normal) push (still in normal)<br />
6. push (from normal to normal) push (into full)<br />
7. push (from normal to normal) pop<br />
8. push (from normal to full) push (error)<br />
9. push (from normal to full) pop<br />
10. pop (from normal to normal) push (still in normal)<br />
11. pop (from normal to normal) pop (still in normal)<br />
12. pop (from normal to normal) pop (into empty)<br />
13. pop (into empty) push<br />
14. pop (into empty) pop (error)<br />
Push<br />
EXAMPLE 13.4<br />
Identifythe function pairs that need to be covered for function pair testing coverage<br />
for the following code example. Create the regular expression for each function<br />
that has method calls within its bodyand for the whole program.<br />
class D {<br />
int x;<br />
int Db(int s) {return 2*s;}<br />
int Dc(int s) {return s;}<br />
public:<br />
D(){x=0;}<br />
int Da(int s){if (x=1) {x=0; return Db(s);} else {x=1; return Dc(s);}}<br />
};<br />
class A {<br />
int x;<br />
int y;<br />
D* m;<br />
public:<br />
A(){m=new D;}<br />
virtual int Aa(int s){cout
204<br />
void add(int s, int u){x=s;y=u;}<br />
};<br />
class B {<br />
A* w[MAX];<br />
int z;<br />
int q;<br />
public:<br />
B() {z=0; q =1;}<br />
int Bread(){cin>>s>>u; if (z= MAX) return 0;<br />
if(sadd(s,u);}<br />
else {w[z]=new C; w[z]->add(u,s);w[z]->Atadd(s);}<br />
z++; return z;}<br />
int Ba(int s){q=w[s]->Aa(q); return q;}<br />
};<br />
class C public A{<br />
int t;<br />
public:<br />
int Aa(int r) {cout
CHAPTER 13 Object-Oriented Testing 205<br />
Review Questions<br />
1. How is functional testing of object-oriented software done?<br />
2. Is statement coverage of object-oriented software useful?<br />
3. Does MM testing subsume statement coverage? (See Section 10.3.1.)<br />
4. What is the advantage of function pair coverage?<br />
Problems<br />
1. Given the following code, generate test cases that satisfy the criteria of MM testing and<br />
every function pair testing:<br />
class Threes {<br />
char cout;<br />
public:<br />
Threes(){count = ’a’;}<br />
void PlusOne(){ if(count == ’a’) count = ’b’; if(count == ’b’)<br />
count = ’c’;<br />
if(count == ’c’) count = ’a’; }<br />
char* IsDiv() {if(count == ’a’){return ’yes’;}else{return<br />
’no’;}}<br />
}<br />
class Num {<br />
Threes* SumMod3; int last; int number;<br />
void Digit(int newnum){int j; for (j=1; jPlusOne();}<br />
public:<br />
Num(){SumMod3 = new Threes;}<br />
void Reduce() {while (number > 0){last = number – (number/<br />
10)*10;<br />
Digit(last); number = number/10;}<br />
char* IsDivisibleBy3(int newnum) {number = newnum; Reduce;<br />
return SumMod3->IsDiv();}<br />
}<br />
Main() {<br />
Num* Test = new Num;<br />
int value;<br />
char* answer;<br />
cin >> value;<br />
answer = test->IsDivisibleBy3(value);<br />
cout
206<br />
Answers to Review Questions<br />
1. How is functional testing of object-oriented software done?<br />
Functional testing of object-oriented software is no different from functional testing of<br />
conventional software.<br />
2. Is statement coverage of object-oriented software useful?<br />
Yes, statement coverage of object-oriented software should be done. It is probably the<br />
most minimal acceptable coverage.<br />
3. Does MM testing subsume statement coverage? (See Section 10.3.1.)<br />
No, MM testing requires that every method call be tested. However, a section of<br />
source code could not contain any method calls and thus not be tested by a set of<br />
test cases that achieve MM testing.<br />
4. What is the advantage of function pair coverage?<br />
Function pair coverage ensures that combinations of calls be executed. In the stack<br />
example (13.3), if the stack is called by an user interface, there may be only one call of<br />
each function. Thus, a simple sequence of create, push, andpop might achieve<br />
MM testing. Function pair coverage subsumes MM testing.<br />
Answers to Problems<br />
CHAPTER 13 Object-Oriented Testing<br />
1. Given the following code, generate test cases that satisfy the criteria of MM testing and<br />
every function pair testing:<br />
class Threes {<br />
char cout;<br />
public:<br />
Threes(){count = ’a’;}<br />
void PlusOne(){ if(count == ’a’) count = ’b’; if(count == ’b’)<br />
count = ’c’;<br />
if(count == ’c’) count = ’a’; }<br />
char* IsDiv() {if(count == ’a’){return ’yes’;}else{return<br />
’no’;}}<br />
}<br />
class Num {<br />
Threes* SumMod3; int last; int number;
CHAPTER 13 Object-Oriented Testing 207<br />
void Digit(int newnum){int j; for (j=1; jPlusOne();}<br />
public:<br />
Num(){SumMod3 = new Threes;}<br />
void Reduce() {while (number > 0){last = number – (number/<br />
10)*10;<br />
Digit(last); number = number/10;}<br />
char* IsDivisibleBy3(int newnum) {number = newnum; Reduce;<br />
return SumMod3->IsDiv();}<br />
}<br />
Main() {<br />
Num* Test = new Num;<br />
int value;<br />
char* answer;<br />
cin >> value;<br />
answer = test->IsDivisibleBy3(value);<br />
cout
Formal Notations<br />
14.1 Introduction<br />
208<br />
A formal notation is a notation that is mathematically based. Either the syntax<br />
and/or the semantics of the notation have a mathematical foundation. Formal<br />
notations have tremendous potential for reducing errors during software development.<br />
The benefits have not been realized mainly because of the difficulty of<br />
constructing and using formal specifications.<br />
The problem with natural language is that it is ambiguous. Often, specifications<br />
depend on the semantics/meanings of words to convey the understanding necessary.<br />
Specifications are supposed to answer questions. Any specification, formal or<br />
not, can be evaluated as to how well it can answer the developer’s questions about<br />
the specified behavior. Formal specifications are able to answer the questions more<br />
precisely.<br />
There are three levels of formalism:<br />
TEAMFLY<br />
Informal—Techniques that have flexible rules that do not constrain the models<br />
that can be created<br />
Semiformal—Techniques that have well-defined syntax<br />
Formal—Techniques that have rigorously defined syntax and semantics<br />
14.2 Formal specifications<br />
A formal specification uses a formally defined model to make statements about the<br />
software behavior. For example, a formal specification might use set notation as<br />
its model. There must be a way to map from the software to the formal model, to<br />
relate processes in the software to processes in the formal model, and to map<br />
statements in the formal model back to statements in the software.<br />
For example, we could specify the behavior of a stack using the mathematical<br />
notation of a sequence. We could specify the mathematical equivalent for each of<br />
Copyright 2002 The McGraw-Hill Companies, Inc. Click Here for Terms of Use.
CHAPTER 14 Formal Notations 209<br />
the stack operations. Then, given a set of operations on the stack, we could map<br />
those operations into operations on the mathematical sequence. After completing<br />
the operations on the sequence, we could map the result back to the stack. Thus,<br />
we could use the mathematical sequence to precisely specify the behavior of the<br />
stack.<br />
The statements that are usually made in a formal specification fall into three<br />
categories: preconditions, post-conditions, and invariants.<br />
14.2.1 PRECONDITIONS<br />
A precondition is a statement associated with a function that must be true before<br />
the function can execute. There are two styles of interpreting preconditions:<br />
Don’t specify error handling—If the precondition is not met, some error handling<br />
is done. This style assumes that the implementation will be extended to<br />
handle those error conditions.<br />
Specify all error handling—It is assumed that the function will not be called if<br />
the precondition is not met. Thus, the specification is extended to specify all the<br />
error conditions that the implemented function will be expected to handle.<br />
14.2.2 POST-CONDITIONS<br />
Apost-condition is also associated with a function. The post-condition specifies the<br />
changes that occur by the completion of the function. Usually, the formal notation<br />
has a notation for indicating the situation before the execution and the situation<br />
after the execution completes. For example, some notations use an apostrophe to<br />
mark the variable to represent the value of the variable after completion, and the<br />
variables without an apostrophe represent the values before the function execution<br />
starts.<br />
14.2.3 INVARIANTS<br />
An invariant is a statement that is always true. Actually, it may not be true during<br />
the execution of a function or statement. However, it will be true before and after<br />
completion of every function. 1<br />
An example of an invariant for a stack might be that the stack contains less<br />
than or equal to the maximum number of allowed items. Another invariant might<br />
be that some field is not null.<br />
1 Even invariants may not be true at all times during actions within a function. For example, an invariant within<br />
a loop might state a relationship involving two variables. However, the values of the variables might be updated<br />
in two different statements. Between those two statements, the invariant might not be true.
210<br />
14.3 Object Constraint Language (OCL)<br />
Object Constraint Language (OCL) is part of the UML specification. 2 It was<br />
originally used to specify parts of UML. Currently, there is no tool that supports<br />
the analysis of OCL statements in the UML specification.<br />
OCL uses the object model to provide the context for the specification. Most<br />
OCL statements evaluate to a collection of entities. OCL includes operations and<br />
comparisons that can be applied to the resulting collection.<br />
OCL statements are always written with a context. The context is usually a class<br />
in the object model. The context is represent by an underlined name of a class.<br />
The OCL expression self starts the navigation. It refers to an instance of the<br />
class.<br />
14.3.1 NAVIGATION<br />
CHAPTER 14 Formal Notations<br />
An OCL expression can use the rolename of the opposite side of an association,<br />
the name of the association, or the name of the class. The result will either be a<br />
collection or an element. If the multiplicity is 0 or 1, it will be a single object.<br />
Otherwise, it will be a collection.<br />
EXAMPLE 14.1<br />
The following OCL statements all evaluate to the set of all loans of books currently<br />
borrowed from the library(see object shown in Fig. 14-1).<br />
1..*<br />
patron<br />
name<br />
borrow<br />
return<br />
1<br />
cardholders<br />
checked out by<br />
check out<br />
1<br />
0..*<br />
loan<br />
due date<br />
library<br />
1..*<br />
book<br />
name<br />
1..*<br />
copy<br />
borrow<br />
check in<br />
2<br />
The OCL specification is available on the Web. Type ‘‘OCL’’ in a browser search tool or go to<br />
www.software.ibm.com/ad/ocl.<br />
0..1<br />
1<br />
Fig. 14-1<br />
holdings<br />
borrowed 1<br />
1
CHAPTER 14 Formal Notations 211<br />
library<br />
self.holdings.copy.borrowed<br />
self.cardholders.checkedout<br />
The underlined library states the context. The self indicates an instance of the<br />
class library. The expression self.holdings evaluates to the set of all instances<br />
of class book. The expression self.holdings.copy evaluates to the set of all<br />
copies of all books. The expression self.holdings.copy.borrowed<br />
evaluates to the set of all instances of loans of books from the library.<br />
The expression self.cardholders evaluates to the set of all instances of<br />
patron. The expression self.cardholders.checkedout evaluates to the set<br />
of all instances of loan.<br />
14.3.2 INVARIANTS<br />
Invariants in OCL are always written with a context that is shown as an underlined<br />
object name. Usually navigation is used to identify a collection or element<br />
that is compared with another collection or element. Functions can be applied to<br />
the result of the navigation.<br />
EXAMPLE 14.2<br />
Write an invariant for the libraryproblem using the expressions from Example 14.1.<br />
library<br />
self.holdings.copy.borrowed = self.cardholders.checkedout<br />
The underlined library states the context of this invariant. The invariant states<br />
that the set of loans of books borrowed bycardholders is the same as the set of<br />
book copies checked out.<br />
library<br />
self.holdings.copy = self.cardholders.checkedout.borrowed<br />
The preceding invariant is correct type-wise, but it is not true. The expression<br />
self.holdings.copy evaluates to the set of all instances of copy of book in<br />
the library. The other expression evaluates to the set of all instances of copy of<br />
book that are currentlychecked out. This would onlybe true if all the books in the<br />
library were currentlychecked out.<br />
14.3.3 ATTRIBUTES<br />
The expression can also refer to the value of an attribute. The same dot notation is<br />
used.<br />
EXAMPLE 14.3<br />
Write an invariant that says that ‘‘Grapes of Wrath’’ is not in the library.<br />
book<br />
self.name ‘‘Grapes of Wrath’’<br />
The context is the class book. The expression self.name evaluates to the<br />
value of the name of the book.
212<br />
14.3.4 PREDEFINED OPERATIONS<br />
OCL has many operations on collections: size, count(object), includes<br />
(object), sum, and includesall(collection).<br />
EXAMPLE 14.4<br />
Write an invariant that says that no patron can have more than 10 books checked<br />
out at a time.<br />
Patron<br />
self.checkedout->size < 10<br />
The expression self.checkedout evaluates to the set of loans associated<br />
with a patron. The operation size returns the number, and the invariant requires<br />
the number to be less than 10.<br />
14.3.5PRE- AND POST-CONDITIONS<br />
In OCL, the context of the pre- and post-conditions must be shown as an<br />
underlined function. The syntax pre: and post distinguishes the pre- and<br />
post-condition. The keyword result can be used to designate the result of<br />
the operation.<br />
The syntax @pre is used in OCL to specify the value before an operation.<br />
EXAMPLE 14.5<br />
Write pre- and post-conditions to ensure that a patron cannot check out more than<br />
9 books.<br />
patron::borrow<br />
pre: self.checkedout->size < 9<br />
post: self.checkedout->size < 10<br />
or<br />
post: self.checkedout@pre->size + 1 = self.checkedout->size<br />
Review Questions<br />
CHAPTER 14 Formal Notations<br />
1. What kind of questions are specifications supposed to be able to answer?<br />
2. Why would ambiguity be a problem?
CHAPTER 14 Formal Notations 213<br />
3. Why are mathematical notions, such as sets, a good foundation for specifications?<br />
4. What is the difference between preconditions, post-conditions, and invariants?<br />
Problems<br />
1. Given the object model shown in Fig. 14-2, evaluate each of the given OCL statements.<br />
If the statement is wrong, explain what is wrong and determine the simplest<br />
correction.<br />
L<br />
int t<br />
int r()<br />
L<br />
self.c->size = 10<br />
self.a = self.c.b.d<br />
L::r() : int<br />
pre: self.a.b = self.c.a<br />
post: t = t@pre + 1<br />
post: result = self.a->first.s<br />
P<br />
self.a.d->size > max<br />
self.a.b = self.d.c<br />
N::q() : int<br />
pre: self.b->isEmpty<br />
pre: self.d->forall( l |l.t < 10)<br />
post: result = self.d->size<br />
M<br />
floats<br />
d d<br />
N b a P<br />
int x<br />
int r()<br />
a{ordered} b<br />
c c<br />
Fig. 14-2
214<br />
2. Given the object model shown in Fig. 14-3, explain each OCL statement. What does it<br />
specify? Is the OCL invariant reasonable? Is it always true?<br />
marriage<br />
marriage<br />
startdate<br />
enddate<br />
#children<br />
marriage<br />
marriage<br />
familytree<br />
a) self.person = self.marriage.child<br />
marriage<br />
b) self.child.birthfam = self<br />
c) self.husband.birthdate < self.wife.birthdate<br />
person<br />
d) self.birthfam.child_include(self)<br />
e) self.marriage->size = 1<br />
f) self.marriage.wife.birthdate < self.birthdate<br />
3. Write OCL constraints for a restaurant without a smoking section that seats customers<br />
in order of arrival.<br />
Class group<br />
Char* name<br />
Int number<br />
Int arrivalorder<br />
Class waitlist<br />
Group* list[MAX]<br />
Int listptr<br />
Void addtolist(group* newgroup)<br />
Group* seatnext()<br />
Class restaurant<br />
Waitlist* waiting<br />
Void arrive(group* newgroup)<br />
Group* seat()<br />
CHAPTER 14 Formal Notations<br />
family tree<br />
birthfam<br />
child<br />
Fig. 14-3<br />
mother<br />
father<br />
person<br />
person<br />
name<br />
sex<br />
birthdate
CHAPTER 14 Formal Notations 215<br />
Answers to Review Questions<br />
1. What kind of questions are specifications supposed to be able to answer?<br />
Usually, the questions are about the behavior of the proposed software. Developers<br />
should be able to use the specifications to determine exactly what the software should<br />
do in a specified situation.<br />
2. Why would ambiguity be a problem?<br />
If the ambiguity means that the developer will interpret the specification differently<br />
than what the user wants, then there will be a problem.<br />
3. Why are mathematical notions, such as sets, a good foundation for specifications?<br />
Mathematical notions such as sets are a good foundation for specifications because<br />
sets and set operations are precisely defined. For example, the union of two sets is well<br />
understood. If the behavior of a function can be defined as operations on specified sets,<br />
then it will be easy to determine exactly what the function is supposed to do.<br />
4. What is the difference between preconditions, post-conditions, and invariants?<br />
Aprecondition is something that has to be true before a function can execute. Apostcondition<br />
is something that has to be true on completion of the function. An invariant<br />
is something that should be true throughout the execution of the function. Actually,<br />
most invariants are true between every operation.<br />
Answers to Problems<br />
1. All are okay except for pre:self.a.b = self.c.a, which should be pre:<br />
self.a.b = self.c.d.<br />
2. Given the object model shown in Fig. 14-4, explain each OCL statement. What does it<br />
specify? Is the OCL invariant reasonable? Is it always true?<br />
familytree<br />
a) self.person = self.marriage.child<br />
marriage<br />
b) self.child.birthfam = self<br />
c) self.husband.birthdate < self.wife.birthdate
216<br />
marriage<br />
marriage<br />
startdate<br />
enddate<br />
#children<br />
person<br />
d) self.birthfam.child_include(self)<br />
e) self.marriage->size = 1<br />
f) self.marriage.wife.birthdate < self.birthdate<br />
a. This invariant says that the set of persons is the same as the set of all children or<br />
every person has his or her birth marriage listed. This is a reasonable invariant, and it<br />
is true if the data is complete.<br />
b. This invariant says that every child has his or her birth family listed and it matches<br />
the instance that points to the person as a child. This is reasonable and is always true.<br />
c. This says that every husband is older than his wife. This invariant can be stated, but<br />
it does not match reality.<br />
d. This states that the set of children (siblings) reachable from the birthfam includes<br />
the person. This is reasonable and is always true.<br />
e. This states that the set of marriages for a person is only one. It does not match<br />
reality.<br />
f. Either your own birthday (if female) or your spouse’s (if male) is less than yours.<br />
Not reasonable. Not always true.<br />
3. Write OCL constraints for a restaurant without a smoking section that seats customers<br />
in order of arrival.<br />
Class group<br />
Char* name<br />
Int number<br />
Int arrivalorder<br />
marriage<br />
marriage<br />
Class waitlist<br />
Group* list[MAX]<br />
Int listptr<br />
Void addtolist(group* newgroup)<br />
Group* seatnext()<br />
CHAPTER 14 Formal Notations<br />
family tree<br />
birthfam<br />
child<br />
Fig. 14-4<br />
mother<br />
father<br />
person<br />
person<br />
name<br />
sex<br />
birthdate
CHAPTER 14 Formal Notations 217<br />
Class restaurant<br />
Waitlist* waiting<br />
Void arrive(group* newgroup)<br />
Group* seat()<br />
Waitlist<br />
Self.Listptr = self.list->size<br />
Void waitlist::addtolist(group* newgroup)<br />
Pre: self.listptr < MAX<br />
Post: forall(i | list[i] = list[i-1]@pre)<br />
List[0] = newgroup<br />
Listptr = listptr@pre+1<br />
Group* waitlist::seatnext()<br />
Pre: self.listprt > 0<br />
Post: Result = list[listptr@pre]<br />
Self.listptr = self.listprt@pre - 1<br />
Group* Restaurant::seat<br />
Pre: waiting.waitlist->size > 0<br />
Post: waiting.waitlist->size = waiting. waitlist@pre->size<br />
-1<br />
Result = waiting.seatnext()<br />
and forall (x : group | waiting.seatnext().arrivalorder<br />
This page intentionally left blank.<br />
TEAMFLY
Z 1 (see Operand)<br />
Z 2 (see Operator)<br />
Z 2*(see Potential operand)<br />
Absolute scale, 75, 86<br />
Abstraction, 130–131, 141<br />
Acceptance testing, 2, 3<br />
Actor, 7<br />
Actual cost of work performed, 35<br />
ACWP (see Actual cost of work performed)<br />
Adhesiveness, 134, 135, 144<br />
Aggregation, 11, 24<br />
AHF (see Attribute Hiding Factor)<br />
AIF (see Attribute Inheritance Factor)<br />
A-kind-of relationship, 173<br />
Alpha testing, 2<br />
Answer set, 73<br />
Architectural design, 2, 3, 128<br />
Artifact, 7<br />
Associations, 11, 175, 176<br />
Attribute Hiding Factor (AHF), 189, 190<br />
Attribute Inheritance Factor (AIF), 191<br />
B&B problem, 122–126, 136–139, 181, 182, 192<br />
BAC (see Budget at completion)<br />
Base class, 169<br />
Basili, Victor, 83<br />
BCW (see Budgeted cost of work)<br />
BCWP (see Budgeted cost of work performed)<br />
BCWS (see Budgeted cost of work scheduled)<br />
Behavioral modeling, 114, 121<br />
Beta testing, 2<br />
Bieman, James, 133, 142<br />
Boehm, Barry, 4, 57<br />
Boundary testing, 157<br />
Budget at completion (BAC), 35<br />
Budgeted cost of work (BCW), 35<br />
Budgeted cost of work performed (BCWP), 35<br />
Budgeted cost of work scheduled (BCWS), 35<br />
C0 coverage, 149<br />
C1 coverage, 150<br />
Capability maturity model (CMM), 33<br />
CBO (see Coupling between object classes)<br />
CF (see Coupling factor)<br />
CFG (see Control flow graph)<br />
Checklists, 101, 106, 107<br />
Chidamber, Shyam, 183, 196<br />
Chief programmer team, 31<br />
CMM (see Capability maturity model)<br />
COCOMO (see Constructive cost model)<br />
Cohesion, 131, 132, 141, 142<br />
Completion criteria, 48<br />
Complexity, 86<br />
Computation use, data flow metrics, 154<br />
Constructive cost model, 57, 58, 62<br />
Control flow graph (CFG), 16, 76, 77, 150<br />
Cost analysis, 1<br />
Cost estimation, 54–62<br />
line of code based, 54, 56<br />
parameters in, 56<br />
Cost parameters, 56, 71<br />
Cost performance index (CPI), 35<br />
Cost variance (CV), 35<br />
Coupling, 131, 135, 141, 185, 187, 197<br />
Coupling between object classes (CBO), 185, 187, 197<br />
Coupling factor (CF), 192<br />
Coverage criterion in testing, 145, 146<br />
CPI (see Cost performance index)<br />
Critical path in PERT, 50, 52, 66<br />
CV (see Cost variance)<br />
Copyright 2002 The McGraw-Hill Companies, Inc. Click Here for Terms of Use.<br />
219
220<br />
Cyclomatic number, 76, 77, 78, 86, 87, 88, 89<br />
Data design, 128<br />
Data dictionary, 116<br />
Data flow diagram (DFD), 9, 23, 24, 113, 114, 121–123<br />
Data flow testing, 145, 154–155<br />
Decision tree, 93<br />
Defect report, 3<br />
Definition free path, 154<br />
Deliverable, 1, 47, 48<br />
DeMarco, Tom, 61<br />
Dental office problem, 97, 122–126, 182<br />
Dependencies, 50, 132, 133<br />
Depth of Inheritance Tree (DIT), 184, 187, 196<br />
Derived class, 169<br />
Design, 2, 3, 127–144<br />
architectural, 2, 3<br />
attributes of, 130–132<br />
cohesion, 131–135, 141–144<br />
coupling, 131, 135–136, 141<br />
detailed, 2, 3<br />
interface, 2, 129–130<br />
phases of, 128–139<br />
traceability, 136<br />
DFD (see Data flow diagrams)<br />
Dharma, H, 136<br />
DIT (see Depth of Inheritance Tree)<br />
Domain analysis, 1, 174, 181<br />
Domain space, 145<br />
Earned value (EV), 35, 40–44, 46<br />
Economy of scale, 56, 66, 67<br />
Effort in software science, 81<br />
Empirical relation system, 73<br />
Encapsulation, 189<br />
EQF (see Estimate quality factor)<br />
Error rate, 37, 98, 101<br />
plotting, 102, 111<br />
Error tracking, 36, 45, 46<br />
Estimate quality factor, 61<br />
Eta1 (see Operand)<br />
Eta2 (see Operator)<br />
Euler, Leonard, 76<br />
EV (see Earned value)<br />
Every-branch testing, 150<br />
Every path testing, 150<br />
Every statement testing, 149<br />
Exhaustive testing, 145<br />
Existence dependency (ED), 12, 177<br />
Factory problem, 26, 27<br />
Failure, 101, 102<br />
Failure rates, 102<br />
Family tree problem, 12, 173, 176, 216<br />
Fault number, 102<br />
Formal notations, 208–217<br />
Function pairs testing, 199–203, 206–207<br />
Follow-up in inspections, 101<br />
Formal inspection (see Inspection)<br />
Formal notations, 208–217<br />
Formal technical review (FTR), 99–101, 106–108<br />
FPA(see Function point analysis)<br />
FTR (see Formal technical review)<br />
Function point, unadjusted, 59<br />
Function point analysis, 58<br />
Functional testing, 145, 146, 162, 163<br />
Glue tokens, 134, 144<br />
Goal question measure, 83<br />
GQM (see Goal question measure)<br />
Grocery store problem, 26, 27, 172, 174, 175<br />
Gunter, C. A, 127, 141, 142<br />
Halstead, Maurice, 78<br />
Height, 74, 86<br />
Henry, Sallie, 82<br />
Hierarchy diagram, 16<br />
Hierarchical team organization, 31<br />
HK (see Information flow measure)<br />
Humphrey, Watt, 34<br />
IEEE SQAPlan, 103, 104, 109<br />
IEEE SRS, 118–119<br />
Implementation level in software science, 81<br />
Inch-pebble, 39, 42<br />
Incremental model, 4<br />
Infeasible path, 150<br />
Information flow measure, 82<br />
Inheritance, 11, 169, 173<br />
depth of tree (DIT), 184, 187, 196<br />
number of children (NOC), 185, 187, 197<br />
Inspection, 99–101, 108<br />
roles in, 100<br />
steps of, 100<br />
Instance diagram, 13, 27<br />
Instantaneous failure rate, 102<br />
Integration testing, 2<br />
Interface design, 2, 128<br />
Interfaces, 129<br />
Inter-failure time, 102<br />
Interval scale, 75, 86<br />
Invariant, 209, 211<br />
Is-a relationship, 11<br />
Is_visible, 189<br />
Kafura, Dennis, 82<br />
KDSI, 57<br />
INDEX
INDEX 221<br />
Lack of Cohesion in Methods (LCOM), 185, 188<br />
Lattice model, 19<br />
LCOM (see Lack of cohesion in methods)<br />
Length, estimate of, 80<br />
Length measure in software science, 79<br />
Library problem, 11, 13–16, 21, 26, 28, 113, 116,<br />
128–132, 170, 171, 177, 178, 210–212<br />
Line of code (LOC), 76<br />
Line of code, estimation based on, 55<br />
Linear sequential model, 3<br />
Management, critical practices in, 32<br />
Marginal cost, 56<br />
Market analysis, 1<br />
Matrix, for testing, 148<br />
Matrix organization, 31<br />
McCabe, Thomas, 76<br />
Measure, indirect, 72<br />
Measurement, 72<br />
statistics of, 75<br />
Measurement scale, 74<br />
Measurement theory, 73<br />
Meetings, inspection, 100<br />
Method hiding factor (MHF), 189, 190<br />
Method inheritance factor (MIF), 191<br />
Metrics, 72–90, 183–198<br />
attribute hiding factor (AHF), 189, 190<br />
attribute inheritance factor (AIF), 191<br />
coupling between object classes (CBO), 185, 187,<br />
197<br />
coupling factor (CF), 192<br />
depth of inheritance tree (DIT), 184, 184<br />
lack of cohesion in methods (LCOM), 185, 188<br />
method hiding factor (MHF), 189, 190<br />
method inheritance factor (MIF), 191<br />
MOOD, 183, 189–193<br />
number of children (NOC), 185, 187, 197<br />
object-oriented, 183–198<br />
polymorphism factor (PF), 193<br />
response for a class (RFC), 185, 188, 198<br />
validation of, 72<br />
weighted methods per class (WMC), 184, 187, 196<br />
MHF (see Method hiding factor)<br />
MIF (see Method inheritance factor)<br />
Milestone, 1, 5, 47<br />
Miller, Edward F., 149<br />
MM testing, 199, 200, 206–207<br />
Moderator, inspections, 100<br />
Modularity, 130<br />
Monotonicity, 74, 87<br />
MOOD metrics, 183, 189–193<br />
Multiple condition testing, 151<br />
Multiplicities, 178, 179<br />
Myers, Glenford, 147<br />
NOC (see Number of Children)<br />
Nominal scale, 74, 86<br />
Noun-in-text approach, 171, 173<br />
Number of Children (NOC), 185, 187, 197<br />
Numerical relation system, 73<br />
Object constraint language (OCL), 210–214<br />
attributes values in, 211<br />
invariants in, 211<br />
navigation within, 210<br />
pre- and post-conditions in, 212<br />
predefined operations in, 212<br />
Object model, 2, 11, 27, 28, 112, 129, 182<br />
Object-oriented analysis, 127<br />
Object-oriented design, 127, 169<br />
Object-oriented development, 169–182<br />
Object-oriented metrics, 183<br />
Object-oriented testing, 199–207<br />
Objects, 171–173<br />
OCL (see Object constraint language)<br />
Off test, 157<br />
On test, 157<br />
OOA(see Object-oriented analysis)<br />
OOD (see Object-oriented design)<br />
Operand, 78<br />
Operational profile, 156<br />
Operator, 78<br />
Ordinal scale, 75, 86<br />
Ott, Linda, 133, 142<br />
Overview in inspections, 100<br />
Parnas, David L, 4<br />
Partial order, 73, 86<br />
Part-of relationship, 11<br />
Pearson correlations, 75<br />
Personal software process (PSP), 34<br />
PERT (see Program evaluation and review technique)<br />
Petri net, 10, 23<br />
PF (see Polymorphism factor)<br />
Phased life cycle, 5<br />
Planar graph, 76<br />
Planned value (PV), 35<br />
Polymorphism, 171<br />
Polymorphism factor (PF), 193<br />
Post-condition, 209, 212<br />
Postmortem, 37<br />
Potential operand, 79<br />
Potential volume, 81<br />
Precondition, 209, 212<br />
Predecessor, 50,52<br />
Predicate use, 154<br />
Preparation in inspections, 100<br />
Problems:<br />
B&B, 122–126, 136–139, 181, 182, 192
222<br />
Problems (Cont.):<br />
dental office, 122–126, 182<br />
family tree, 173, 176, 216<br />
grocery store, 172, 174, 175<br />
library, 113, 116, 128–132, 170, 171, 177, 178, 210–212<br />
restaurant, 216–217<br />
stack, 203<br />
student-section, 176, 178<br />
testing tool, 118<br />
triangle, 147–150, 154–156, 158<br />
vi-like editor, 113–117<br />
Procedural design, 128<br />
Process management, 30, 41<br />
Process metric, 83<br />
Process model, 7, 8, 31, 48, 108<br />
descriptive, 7<br />
prescriptive, 8<br />
Producer, inspections, 100<br />
Product metric, 76<br />
Productivity, 60, 83<br />
Program evaluation and review technique (PERT), 50,<br />
54, 66, 69, 70<br />
Program slices (see Slices)<br />
Programmer productivity, 34, 39, 43<br />
Project planning, 47–71<br />
COCOMO, 57–58, 71<br />
cost estimation, 54–60, 71<br />
critical path, 52, 69–70<br />
estimate quality factor, 61<br />
function point analysis, 58–60, 71<br />
PERT, 50–54, 69–70<br />
slack time, 53, 69–70<br />
work breakdown structure, 47–50, 65–69<br />
Project management, 30–46<br />
capability maturity model, 33–34<br />
chief programmer teams, 31<br />
critical practices, 32–33<br />
earned value analysis, 35–36, 43–46<br />
error tracking, 36–37, 45–46<br />
personal software process, 34–35, 39<br />
post-mortem reviews, 37–39<br />
programmer productivity, 43<br />
Project planning, 1<br />
Project schedule, 3<br />
Prototype, 4<br />
Prototyping model, 4<br />
PSP (see Personal software process)<br />
PV (see Planned value)<br />
Quality, 99–111<br />
Random testing, 145, 155<br />
Range, 145<br />
Ratio scale, 75, 86<br />
Reader, during inspections, 100<br />
Recorder, during inspections, 100<br />
Refinement, 130<br />
Regression testing, 2<br />
Reliability, 101–102, 108<br />
Representation condition, 73, 74<br />
Requirements, 1, 112–126<br />
data dictionary, 116<br />
data flow diagrams, 113, 114<br />
elicitation of, 1<br />
object model, 112–113<br />
scenario, 115, 121, 124<br />
specification of, 2<br />
state diagrams, 115, 121, 125<br />
system diagram, 117, 121, 126<br />
use case, 114, 121, 123<br />
Requirements specification, 118<br />
Response for a class (RFC), 185, 188, 198<br />
Response set, 185, 188<br />
Reuse, 174<br />
Rework, during inspections, 101<br />
Risk, 91–98<br />
analysis, 91<br />
decision tree, 93, 97<br />
estimation, 92<br />
exposure, 92, 97<br />
identification, 91<br />
impact, 92<br />
management, 91<br />
management plan, 94<br />
mitigation, 94<br />
probability, 92<br />
Rombach, Dieter, 83<br />
Royce, W, 3<br />
RS (see Response set)<br />
Scale, 74–75, 86–87<br />
absolute, 75, 86<br />
interval, 86<br />
nominal, 74, 86<br />
ordinal, 86<br />
ratio, 86<br />
Scenario, 15, 28, 115, 121, 124, 142<br />
Schedule performance index (SPI), 35<br />
Schedule variance (SV), 35<br />
Scheduling, 1<br />
Sequence diagram, 15<br />
Shoe size, 86<br />
Slack time, 53, 66<br />
Slices, 132<br />
Software cost estimation (see Cost estimation)<br />
Software design (see Design)<br />
Software life cycle, 1<br />
Software life cycle models, 3<br />
INDEX
INDEX 223<br />
Software metrics (see Metrics)<br />
Software probe, 102<br />
Software process model, 7–8, 22<br />
Software project management (see Project management)<br />
Software project managers network (SPMN), 32<br />
Software quality assurance, 1, 99<br />
Software quality assurance plan, 3, 103<br />
Software requirements (see Requirements)<br />
Software science, 78, 79, 90<br />
Software testing (see Testing)<br />
SOW (see Statement of work)<br />
Specification, formal, 208<br />
SPI (see Schedule performance index)<br />
Spiral model, 4<br />
SQA(see Software quality assurance)<br />
SQAP (see Software quality assurance plan)<br />
SRS (see Requirements, specification of)<br />
Stack problem, 18, 19, 203<br />
Standard deviation, 55, 75<br />
State diagrams, 17, 18, 28, 115, 121, 125, 201<br />
Statement of work, 2<br />
Statistical quality control, 102<br />
Stopping criterion, 145<br />
Strong functional cohesion, 134, 135, 144<br />
Structural testing, 145, 149<br />
Student rank, 75<br />
Student-section problem, 176, 178<br />
Subdomain testing, 148, 153<br />
Subsumes, 146, 154<br />
Successors, 53<br />
Superglue tokens, 134, 135, 144<br />
SV (see Schedule variance)<br />
System diagram, 117, 121, 126<br />
System testing, 2<br />
Taylor, 127<br />
Test case, 146<br />
Test case selection, 145<br />
Test matrix, 148, 163, 164<br />
Test plan, 3<br />
Test report, 3<br />
Testing, 2, 145–168, 199–207<br />
acceptance, 2, 3<br />
Testing (Cont.):<br />
alpha, 2<br />
beta, 2<br />
boundary, 157<br />
data flow, 154<br />
every-branch coverage, 150<br />
every path coverage, 150<br />
every statement coverage, 149<br />
exhaustive, 145<br />
functional, 145, 146, 162, 163<br />
integration, 2<br />
multiple condition coverage, 151<br />
object oriented, 199–207<br />
random, 145, 155–157<br />
regression, 2<br />
structural, 145, 149<br />
subdomain, 153<br />
unit, 2<br />
Testing tool problem, 118<br />
Theta, 102<br />
Threshold value, 78<br />
Time, in software science, 82<br />
Token, 78<br />
Traceability, 136–139<br />
Triangle problem, 17, 147–150, 154–156, 158<br />
UML (see Unified modeling language)<br />
Unified modeling language (UML), 11, 115, 169, 184<br />
Unit testing, 2<br />
Use case, 175<br />
Use case diagram, 14, 114, 121, 123<br />
Use case scenarios, 3<br />
User manual, 3<br />
Volume, in software science, 81<br />
Visibility, 30, 41, 189<br />
Waterfall model, 3, 4<br />
WBS (see Work breakdown structure)<br />
Weak functional cohesion, 134, 135, 144<br />
Weighted methods per class (WMC), 184, 187, 196<br />
WMC (see Weighted Methods per Class)<br />
Work breakdown structure (WBS), 2, 47, 65–68